Changes coming soon to Apple’s Gatekeeper

“For apps that are downloaded from places other than the Mac App Store, developers can get a unique Developer ID from Apple and use it to digitally sign their apps,” Richard Mallion writes for Amsys.

“Apple have announced some changes for the forthcoming 10.9.5 update for Mavericks. For an application to remain trusted, developers will have to make sure the code is signed using OS X Mavericks 10.9 or later and create a v2 signature. This new requirement will also be a requirement for OS X 10.10 Yosemite,” Mallion writes. “This could mean some apps, that Gatekeeper previously allowed to run, will now generate a warning until their digital signatures have been updated. As a temporary work around, users can right-click the app and choose “Open” from the contextual menu to bypass Gatekeeper for that application.”

Full article here.

Related articles:
Security experts: Apple did OS X Mountain Lion’s Gatekeeper right – February 16, 2012
OS X Mountain Lion’s Gatekeeper slams the door on Mac trojans – February 16, 2012

6 Comments

    1. Ms Weaver’s character was possessed by the Gatekeeper. Are you saying you’d not bypass the Gatekeeper if it possessed someone else, say Bill Murray’s character?

  1. The only significant problem with Gatekeeper (apart from its original bugs and learning how to override it when necessary) has been the robbery of developer security certificates that were then stuck into Trojan horse malware and shoved at Mac users. Thankfully, Apple revoked the ripped off certificates in a hurry. Hopefully, this added step in security verification will prevent that from happening again.

    Next up: How about Apple getting hardcore about checking Internet security certificate revocation? They do as good a job as anyone else with Safari. They do hella better than Google’s checking in Chrome, which is literally a joke. But avoiding sites with revoked certificates is becoming an increasingly important problem. As the tech becomes more complicated, so does warding off the hackers and crooks.

    1. Correction: Apple developer security certificates were NOT stolen (that I’m aware of). But I remind myself that what happened a year ago was a breach of Apple’s developer website, leading to a scare that developer security certificates could be faked by way of stolen developer accounts.

      [Today’s excuse for my addled brain: Staying up too late last night reading through details about the user accounts stolen from (reportedly) 400,000 websites by Russian hackers.]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.