PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-01-09 05:31:33 -05:00
Code

add hardened runtime info

Browse Source
This commit is contained in:
kimg45 2024-08-08 13:38:21 -05:00 committed by GitHub
parent 04dccb9469
commit f55e87b950
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
content/posts/macos/Security Features of macOS
View File

@ -28,4 +28,18 @@ If the app is sandboxed, you will see
[Key] com.apple.security.app-sandbox
[Value]
[Bool] true
```
```
## Hardened Runtime
The [Hardened Runtime](https://developer.apple.com/documentation/security/hardened_runtime) is an optional security feature that developers can enable that makes an app more resistant to exploitation. It prevents certain classes of exploits, like code injection, dynamically linked library (DLL) hijacking, and process memory space tampering.
Unlike the App Sandbox, the Hardened Runtime is required in order for an app to be notarized and so you'll be warned by Gatekeeper if an app doesn't use it. While this warning is bypassable, you should be cautious and investigate a bit more before running it.
Check if an app is using the Hardened Runtime before running it with the command
``` zsh
codesign --display --verbose /path/to/bundle.app
```
You will see `flags=0x10000(runtime)` if it's enabled.