Could Apple not then revoke their certificate, preventing any future occurrences?
2
Repple (she/her) - 4hr
Yes, and additionally if I’m reading this correctly, this attack would only work for people whose security settings are to run any signed code from trusted developers. One of the standard options is trusting only App Store distributed code for which this attack would not work
bestboyfriendintheworld in apple_enthusiast @lemmy.world
I foretold that Mac app notarization is security theater
https://lapcatsoftware.com/articles/2025/12/5.htmlCould Apple not then revoke their certificate, preventing any future occurrences?
Yes, and additionally if I’m reading this correctly, this attack would only work for people whose security settings are to run any signed code from trusted developers. One of the standard options is trusting only App Store distributed code for which this attack would not work