Apple Changing the Way OS X Recognizes Signed Apps

Pre-release notes published by Apple for OS X Mavericks 10.9.5 and Yosemite Developer Preview 5 are informing developers that they might have to re-sign their apps if they don’t want Apple’s Gatekeeper anti-malware feature to block them.

According to the tech titan, version 1 signatures, the ones created with OS X Mountain Lion 10.8.5 or earlier, will be obsolete once OS X Mavericks 10.9.5 is released, and Gatekeeper will no longer recognize them.

“For your apps to run on updated versions of OS X they must be signed on OS X version 10.9 or later and thus have a version 2 signature,” Apple informed developers in the pre-release notes.

Teams building code on older versions of OS X are required to re-sign their apps on OS X 10.9 or later by using the codesign tool. Apple has highlighted the fact that developers must sign code while running OS X Mavericks in order to get a valid version 2 signature because the code signing system is part of the operating system. Copying the codesign tool from Mavericks to an older version of OS X will not work.

Once the applications are re-signed, they must be submitted to the App Store as an update. Applications signed with version 2 signatures will work properly on older versions of OS X, Apple said.

When Gatekeeper detects an application with an invalid signature, a warning message is displayed. Programs that continue to use version 1 signatures will only work if users add them to the protection software’s exception list. To ensure that their applications’ signatures will be accepted by Gatekeeper, developers can use the spctl tool.

The company has also advised developers to structure their bundles to meet the requirements for OS X 10.9 and later. This means including signed code and resources only in directories that should contain such code, and not using the “--resource-rules” flag or “ResourceRules.plist”, since both have been made obsolete.
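The check described above can be scripted. The following is an added example, not code from Apple or from the original article: it classifies a signature from the output of `codesign -dv` and, for version 2 signatures, asks Gatekeeper for its verdict with `spctl`. The sample output lines, the bundle identifiers and the script name `check_sig.sh` are constructed, and the version 1 line format (a "Sealed Resources" line with no version field) is an assumption.

```shell
#!/bin/sh
# Added example, not Apple's code. Sample lines below are constructed.
SAMPLE_V1='Identifier=com.example.legacy
Sealed Resources rules=4 files=17'
SAMPLE_V2='Identifier=com.example.current
Sealed Resources version=2 rules=12 files=17'
SAMPLE_UNSIGNED='Example.app: code object is not signed at all'

# Read `codesign -dv` output on stdin; print v2, v1, unsigned or unknown.
sig_version() {
    awk '
        /code object is not signed/   { nosig = 1 }
        /^Sealed Resources version=2/ { v2 = 1 }
        /^Sealed Resources rules=/    { v1 = 1 }
        END {
            if (nosig)   print "unsigned"
            else if (v2) print "v2"
            else if (v1) print "v1"
            else         print "unknown"   # e.g. a bare binary with no sealed resources
        }'
}

# Audit one bundle on a Mac: signature version first, then Gatekeeper.
audit_app() {
    app=$1
    # codesign prints its -d display on stderr, so merge it into the pipe.
    ver=$(codesign -dv "$app" 2>&1 | sig_version)
    echo "$app: signature $ver"
    [ "$ver" = "v2" ] || return 1
    # spctl asks Gatekeeper whether it would let the app launch.
    spctl -a -t exec -vv "$app"
}

# Usage (hypothetical script name): sh check_sig.sh /Applications/Example.app
if [ "$#" -gt 0 ]; then
    for app in "$@"; do
        audit_app "$app" || echo "$app: not accepted, see output above"
    done
fi
```

The parsing function runs anywhere; `audit_app` needs the `codesign` and `spctl` tools that ship with OS X.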

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
