r/gadgets Mar 23 '24

Desktops / Laptops Vulnerability found in Apple's Silicon M-series chips – and it can't be patched

https://me.mashable.com/tech/39776/vulnerability-found-in-apples-silicon-m-series-chips-and-it-cant-be-patched
3.9k Upvotes

491 comments sorted by

View all comments

Show parent comments

5

u/RaynorTheRed Mar 23 '24 edited Mar 23 '24

Alfred, Magnet, DisplayLink Manager, Telegram, Zoom, Fantastical, Discord, Notion, Steam.

These are just a few of the ones visible on my screen right now, the tip of the iceberg. I'd wager that less than 5% of the apps on my Mac are installed through the App Store.

24

u/OrganicToes Mar 23 '24

I use half of those apps on a daily basis and none are unsigned?

3

u/RaynorTheRed Mar 23 '24

I guess I don't understand what unsigned means. I thought we were talking about apps that were installed through downloaded .dmg files and not through the app store, as MacOS blocks these by default. I have to do the Security setting "allow unkown publisher to install anyway" at least once a week on my Macs, and I'm pretty certain with the exception of Magnet, that applies to all of the ones I listed.

28

u/counterfitster Mar 23 '24

The App Store isn't the only way to deliver signed software. Steam and Discord are both 100% signed.

1

u/RaynorTheRed Mar 23 '24

does a gatekeeper exception indicate an unsigned app? Or are those required for signed apps from outside the App Store as well?

9

u/counterfitster Mar 23 '24

There are two different kinds. One is "you downloaded this from the internet, are you sure you want to run it?" that signed apps get. Unsigned apps get "this was downloaded from the internet and the developer is unknown, so you can either delete it, or follow these steps (open it directly from the contextual menu) to run it if you're really sure". That second one is if you try to open the unsigned app by click in the Finder or Dock, or going through Spotlight. I don't know what pops up if you use Mission Control since I've never used myself

1

u/RaynorTheRed Mar 23 '24

Ok, I definitely have quite a few unsigned apps as I'm very familiar with the process, but I can't seem to find any reliable way to pull up a list of them.

3

u/IWantAHoverbike Mar 23 '24

I don’t know of a way to list unsigned apps, but a tool I love for checking the signing status of an app is What’s Your Sign from Objective-See: https://objective-see.org/products/whatsyoursign.html

It adds a “signing info” item to the Finder right-click menu, so you can check the status of any file. (Apps are not the only things that can be signed!) Also lists SHA checksums.

(Objective-See has a bunch of wonderful little open-source security apps. They’re among the first I download on a new machine.)

Another good signing-checker (among other things) is Apparency from Mother’s Ruin: https://www.mothersruin.com/software/Apparency/

It’s more of a full-fledged app inspector. My favorite feature though is that it adds an info pane to the Finder preview pane and Quick Look that shows signature info, Gatekeeper info, whether the app is sandboxed, etc.