1 Reply
      Latest reply on Jun 11, 2019 10:42 AM by Get My Mac On
      rtrouton Level 1 (0 points)

        Defense in Depth


        User privacy protection



        Defense in Depth:

        macOS is designed with layers of security
        One layer failing doesn't defeat all security

        Rely on multiple layers:
        - Delay the advance of an attack
        - Reduce attack surface
        - Trap attackers



        Gatekeeper works with user privacy protection
        - If something gets past Gatekeeper, user privacy protections may block malicious software from accessing user data.



        What does Gatekeeper check?
        - Malicious content scan
        - Signature validation - has it been tampered with?
        - Does it meet the Mac's security policy? (MAS only, MAS and Developer ID, None)
        - Does the user want to run it? (Ask the user if they want to run it.)



        When does Gatekeeper check on Mojave?
        - First launch of quarantined content

        - Marks files that arrive on the system from a variety of external sources
        - Adds metadata about the external source (like web address, etc.)
        - Apps can opt-in to quarantining files
        - Default for files written by sandboxed apps



        On Mojave 10.14.5:

        Local policy check was updated to include checking for notarization



        On macOS Catalina:



        Local policy check: All new software requires notarization.

        First launch prompt: User must approve software in bundles


        Non-quarantined software:


        All software (quarantined and non-quarantined) gets the malicious content scan.



        Note: Apple's position is that you can always choose to run any software on your system. Apple will provide tools and methods to enable software to run.
        Make macOS as secure as iOS, while preserving macOS's flexibility.


        Platform security relies on the validity of code signatures.

        In a future version of macOS, unsigned code will not run by default.



        For developers:



        Sign and notarize all software you distribute

        - Even if it doesn't get quarantined

        Don't modify signed applications or bundles

        Loading code can fail

        - Ensure your apps handle failure gracefully





        User privacy protections


        Recording capabilities

        Files and folders




        Recording capabilities:

        Users have to consent to:

        On Mojave:

        On Catalina:
        Screen recording
        Keyboard input monitoring



        Keyboard input monitoring:


        No approval is necessary to monitor events for your own app.

        Monitoring all keyboard events requires user approval.



        Files and folders protection:


        - Data that requires user consent to access

        - Private data which is managed by the system.


        New protected areas in Catalina:

        iCloud Drive
        Third-party cloud storage (Dropbox, OneDrive, Box, etc.)
        Removable volumes
        Network volumes


        User consent is not required to create new files in protected locations, only to read data from protected locations.


        Open and save dialog panels are now hosted out of process.

        Files can be checked to see if they're readable / writable without triggering consent dialogs.



        Private data managed by the system:

        Safari browsing history
        HTTP cookies
        Call History
        iTunes backups
        Time Machine backups


        In Catalina:

        Safari browsing history
        HTTP cookies
        Call History
        iTunes backups
        Time Machine backups




        Do not need Full Disk Access to move a file to the Trash

        Just need authorization to the file being moved.

        Caller retains access to the file, even once it's in the Trash.



        Automation authorization:

        Synthetic input events
        - Governs ability to synthesize mouse clicks or keyboard presses
        - Important to prevent malware from clicking through security consent dialogs.


        Privacy preferences in macOS are being expanded to support a number of new privacy keys, including:

        File Provider Presence
        Listen Event
        Media Library
        Screen Capture
        Speech Recognition
        System Policy Desktop Folder
        System Policy Documents Folder
        System Policy Downloads Folder
        System Policy Network Volumes
        System Policy Removable Volumes
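The notes above say Gatekeeper evaluates quarantined content on first launch and that the quarantine marking carries metadata about where a file came from. The script below is an added example (not from the post, and not Apple's code) that reads that marking on a Mac so an admin can see which downloads are still quarantined and where they came from; it assumes the com.apple.quarantine value has the layout "flags;hex-timestamp;agent;uuid" and that the download URLs live in the com.apple.metadata:kMDItemWhereFroms attribute, both read through xattr(1).

```python
# Added example, not from the post above: inspect the quarantine metadata
# macOS attaches to downloaded files. Assumed value layout for
# com.apple.quarantine: "flags;hex-timestamp;agent;uuid".
import plistlib
import subprocess
from datetime import datetime, timezone
from typing import Optional

QUARANTINE_ATTR = "com.apple.quarantine"
WHEREFROMS_ATTR = "com.apple.metadata:kMDItemWhereFroms"  # download source URLs


def parse_quarantine(value: str) -> dict:
    """Split a com.apple.quarantine value into flags, timestamp, agent, uuid."""
    parts = value.strip().split(";", 3)
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    return {
        "flags": int(parts[0], 16),
        "timestamp": datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc),
        "agent": parts[2],                      # app that wrote the file
        "uuid": parts[3] if len(parts) == 4 else "",
    }


def _read_xattr(path: str, name: str, as_hex: bool = False) -> Optional[str]:
    """Return an extended attribute via xattr(1), or None when it is absent."""
    args = ["xattr", "-px" if as_hex else "-p", name, path]
    proc = subprocess.run(args, capture_output=True, text=True)
    return proc.stdout if proc.returncode == 0 else None


def inspect_download(path: str) -> dict:
    """Report quarantine state (first launch will be checked by Gatekeeper)
    and, when recorded, the download origin URLs."""
    raw = _read_xattr(path, QUARANTINE_ATTR)
    report = {"path": path, "quarantined": raw is not None, "where_from": []}
    if raw is not None:
        report.update(parse_quarantine(raw))
    hexdata = _read_xattr(path, WHEREFROMS_ATTR, as_hex=True)
    if hexdata:
        # the attribute holds a binary plist array of URL strings
        report["where_from"] = plistlib.loads(bytes.fromhex("".join(hexdata.split())))
    return report


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(inspect_download(p))
```

Run it as `python3 inspect_quarantine.py ~/Downloads/*.dmg`; a file with no quarantine attribute will not get the first-launch Gatekeeper prompt, which is the case the notes call out for non-quarantined software.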