nbalonso.com

Jumping Gatekeeper


So what would happen if a developer gets a certificate from Apple and creates a signed installer that allows third-party code execution?

What names come up when you look at who uses this developer's product? Well, just from the first page of Google results, in order of appearance:

  •  Massachusetts Institute of Technology
  •  Northern Illinois University
  •  Columbia University
  •  University of North Carolina
  •  Utah State University
  •  University of Washington
  •  Robert Morris University
  •  Shoreline Community College

Know any of those? Do you think they rely on Gatekeeper?

But most important of all: you, as a SysAdmin reading this, did you stop to think about what controls Apple put in place over signed installers? None! So think carefully when choosing your Gatekeeper settings.

I honestly think that nowadays no SysAdmin relies on signed installers and signed installers, yet!

PS: The bug has been reported to the vendor. Hopefully they will reply soon and I can update this post with who and how.
