Have you heard of BadUSB? The vast majority of people working with the USB didn’t sign their code. If they had, BadUSB wouldn’t be thing. That said, with the upcoming release of OS X 10.9.5 Apple is forcing developers to use the latest version of Code Signing, an important component of the mothership’s anti-malware and hacker GateKeeper technology.
With the release of OS X Mavericks 10.9.5, the way that OS X recognizes signed apps will change. Signatures created with OS X Mountain Lion 10.8.5 or earlier (v1 signatures) will be obsoleted and Gatekeeper will no longer recognize them. Users may receive a Gatekeeper warning and will need to exempt your app to continue using it. To ensure your apps will run without warning on updated versions of OS X, they must be signed on OS X Mavericks 10.9 or later (v2 signatures).
If you build code with an older version of OS X, use OS X Mavericks 10.9 or later to sign your app and create v2 signatures using the codesign tool. Structure your bundle according to the signature evaluation requirements for OS X Mavericks 10.9 or later. Considerations include:
— Signed code should only be placed in directories where the system expects to find signed code.
— Resources should not be located in directories where the system expects to find signed code.
— The –resource-rules flag and ResourceRules.plist are not supported.
Make sure your current and upcoming releases work properly with Gatekeeper by testing on OS X Mavericks 10.9.5 and OS X Yosemite 10.10 Developer Preview 5 or later. Apps signed with v2 signatures will work on older versions of OS X.
For more details, read “Code Signing changes in OS X Mavericks” and “Changes in OS X 10.9.5 and Yosemite Developer Preview 5” in OS X Code Signing In Depth.
Apple Developer Technical Support
If the developers behind your favorite apps have kept up with Apple’s GateKeeper and Code Signing tech, then you should be OK. However, older apps could be broken…
What’s your take?