CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Apple Changing the Way OS X Recognizes Signed Apps

Pre-release notes published by Apple for OS X Mavericks 10.9.5 and Yosemite Developer Preview 5 are informing developers that they might have to re-sign their apps if they don’t want Apple’s Gatekeeper anti-malware feature to block them.

Pre-release notes published by Apple for OS X Mavericks 10.9.5 and Yosemite Developer Preview 5 are informing developers that they might have to re-sign their apps if they don’t want Apple’s Gatekeeper anti-malware feature to block them.

According to the tech titan, version 1 signatures, the ones created with OS X Mountain Lion 10.8.5 or earlier, will be obsolete once OS X Mavericks 10.9.5 is released, and Gatekeeper will no longer recognize them.

“For your apps to run on updated versions of OS X they must be signed on OS X version 10.9 or later and thus have a version 2 signature,” Apple informed developers in the pre-release notes.

Teams building code on older versions of OS X are required to re-sign their apps on OS X 10.9 or later by using the codesign tool. Apple has highlighted the fact that developers must sign code while running OS X Mavericks in order to get a valid version 2 signature because the code signing system is part of the operating system. Copying the codesign tool from Mavericks to an older version of OS X will not work.

Once the applications are re-signed, they must be submitted to the App Store as an update. Applications signed with version 2 signatures will work properly on older versions of OS X, Apple said.

When Gatekeeper detects an application with an invalid signature, a warning message is displayed. Programs that continue to use version 1 signatures will only work if users add them to the protection software’s exception list. To ensure that their applications’ signatures will be accepted by Gatekeeper, developers can use the spctl tool.

The company has also advised developers to structure their bundles to meet the requirements for OS X 10.9 and later. This implies including signed code and resources only in directories that should contain such code, and not using the “–resource-rule”s flag or “ResourceRules.plist” since they’ve been made obsolete.

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.