From f55e87b9506489837474149dc610adb35a6ce191 Mon Sep 17 00:00:00 2001 From: kimg45 <138676274+kimg45@users.noreply.github.com> Date: Thu, 8 Aug 2024 13:38:21 -0500 Subject: [PATCH] add hardened runtime info --- content/posts/macos/Security Features of macOS | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/content/posts/macos/Security Features of macOS b/content/posts/macos/Security Features of macOS index 434d353..9a08369 100644 --- a/content/posts/macos/Security Features of macOS +++ b/content/posts/macos/Security Features of macOS @@ -28,4 +28,18 @@ If the app is sandboxed, you will see [Key] com.apple.security.app-sandbox [Value] [Bool] true -``` \ No newline at end of file +``` + +## Hardened Runtime + +The [Hardened Runtime](https://developer.apple.com/documentation/security/hardened_runtime) is an optional security feature that developers can enable that makes an app more resistant to exploitation. It prevents certain classes of exploits, like code injection, dynamically linked library (DLL) hijacking, and process memory space tampering. + +Unlike the App Sandbox, the Hardened Runtime is required in order for an app to be notarized and so you'll be warned by Gatekeeper if an app doesn't use it. While this warning is bypassable, you should be cautious and investigate a bit more before running it. + +Check if an app is using the Hardened Runtime before running it with the command + +``` zsh +codesign --display --verbose /path/to/bundle.app +``` + +You will see `flags=0x10000(runtime)` if it's enabled. \ No newline at end of file
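Review bot: the check in the hunk's last added line ("You will see `flags=0x10000(runtime)` if it's enabled") is too narrow: codesign prints `0x10000(runtime)` only when the runtime flag is the sole code-signing flag set, and binaries that set additional flags show a combined hex value with all names in parentheses (for example `flags=0x12000(runtime,library-validation)` when library validation is also on), so a reader comparing against the exact string would wrongly conclude the Hardened Runtime is off. Suggest telling the reader to look for `runtime` anywhere inside the `flags=...(...)` field of the `CodeDirectory` line, e.g. `codesign --display --verbose /path/to/bundle.app 2>&1 | grep -o 'flags=[^ ]*'` (codesign writes this output to stderr, hence the redirect). It would also help to say that `--display --verbose` prints nothing useful for an unsigned app, which is itself a signal the reader should treat as "Hardened Runtime not enabled".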