Notarization is still new to most of us and will start to affect you soon. Learn with us! Join the #notarization channel on The rub is MacAdmins have to continually be on top of these changes or they will come back to bite us. They are continuing to secure macOS and if that means releasing a security change mid-cycle so be it! Again this is a good thing, anything Apple can do to secure macOS what we want. Apple is no longer releasing features and security enhancements in the gold master and calling it a day. I posted above about mid-cycle security update releases because this is the new norm for Mac Administration. Update 04/09/19 – The date for new/updated kernel extensions is 03/11/19 What does mid-cycle security changes mean for MacAdmins? I attempt to install this application today and Gatekeeper WILL ALLOW the install. When I go to install this app on a 10.14.5 system Gatekeeper will BLOCK this application from installing.Įxample #2 – I built an application last year with my Developer ID. If you build apps with a brand new Developer ID notarization is required for your app to install.Įxample #1 – I build a brand new Application with my new Developer ID that I signed up for today. Reading this again I think it’s the same as Kernel extensions. 10.14.5 – All software from Developers new to distributing with a Developer ID. The app WILL INSTALL because this application was built before the change. If I tried to install this app on a 10.14.5 system the Kernel Extension would NOT INSTALL.Įxample #2 – If I attempt to install Symantec Endpoint Protection.app that has a Kernel extension built in on a 10.14.5 system. I think this means that once you have 10.14.5 any NEW or UPDATED Kernel extension will NOT LOAD unless it is fully notarized.Įxample #1 – I build a brand new application today that has a built-in Kernel Extension. 10.14.5 – New or updated Kernel Extensions Looking over this paragraph the important part seems to be “all new or updated”. Looking at the requirement paragraph we can make some guesses. This bit of information was just made public late this afternoon. Starting in 10.13.4 all new kernel extensions installed needed to be approved or white listed.
0 Comments
Leave a Reply. |