undefined | Better HN

0 pointsabalone9y ago0 comments

Signing does help! Apple can revoke the certificate the instant the malware is discovered, blocking all future installs. Whereas Handbrake is going to rely on XProtect[1] which entails Apple refreshing all Macs in the universe at some delay.

While I'm at it, distributing through the Mac App Store would have added further protection against this attack on a couple levels. 1) It's harder to compromise with a MITM attack in the first place. 2) macOS wouldn't install an update signed by another party like this.

[1] "We have been informed that the process to update the definitions for OSX's XProtect feature started this morning, so this should start rolling out to machines automatically soon if not already."

0 comments

2 comments · 1 top-level

rovr1389y ago· 1 in thread

Okay, but the damaged would have already been done.

>Further Actions Required

> Based on the information we have, you must also change all the passwords that may reside in your OSX KeyChain or any browser password stores.

abaloneOP9y ago

Not exactly. Signing would have minimized the overall damage by letting Gatekeeper halt all installs from pretty much the moment the malware was discovered. And distributing through the Mac App Store would have prevented this MITM attack in the first place.

j / k navigate · click thread line to collapse