Perhaps most notable, features like automatic software updates (via Sparkle or similar mechanisms) will no longer work.
The problem with Gatekeeper Path Randomization is that copying applications to a read-only disk image will break functionality in many, if not most, existing applications.
For a more detailed technical analysis of GPR, as well as an investigation into some possible flaws in its implementation, see this series of more detailed blog posts I wrote elsewhere: App Translocation, Zero Day?, Undo. With the app bundle’s path thus changed, it will no longer find any external resources where it was expecting them, and thus the loading of malicious resources is prevented. It works by mounting a read-only disk image in a temporary path in the file system, copying the app onto that disk image, then launching the app from there. Gatekeeper Path Randomization is an attempt to avoid this vulnerability. Wardle found that a number of popular apps, including some of Apple’s own apps, could be used as a vector for such an attack. The app would pass the Gatekeeper check and be allowed to launch, after which it would load the malicious external resources. Wardle determined that if a Developer ID-signed app loads resources external to its app bundle via a relative file path, an attacker could package the app together with malicious external resources in order to work around the Gatekeeper protection. Last year, security researcher Patrick Wardle discovered a vulnerability in Gatekeeper called dylib hijacking. If the app is not signed, then Gatekeeper will refuse to launch the app. If the app is Developer ID-signed, then Gatekeeper allows the app to launch. When enabled, Gatekeeper checks whether an app downloaded from the internet has been signed with a Developer ID certificate, which third-party developers such as Rogue Amoeba purchase from Apple. 1Īs you’re likely aware, Gatekeeper is a security feature that has already been in place for several years. GPR is explained in the WWDC session video “What’s New in Security”, which you can view at. I’d like to take a few minutes now to talk directly to fellow software developers about Sierra, specifically about a new Sierra security feature called “Gatekeeper Path Randomization” (GPR) that has serious implications for software delivered outside of the Mac App Store. For more detailed information, please see our Status page. We’ll be releasing fully compatible updates for 10.12 as soon as possible. For now, however, we recommend that if you can’t live without our software - which we love to hear! - you should stick with 10.11 (El Capitan) or lower. Sierra is scheduled for official release in the fall, and we’re hard at work on getting our software ready for it. At their recent Worldwide Developers Conference, Apple announced macOS 10.12 (Sierra), the next major version of the Mac operating system.