Trying to build a Mac Application Penetration Test Checklist…
How to Check if a macOS App is Notarized
Version: macOS 11.7.1
You can check if a macOS application is notarized by using the spctl command-line utility. spctl evaluates if the system allows execution, installation, and other operations on files.
The first example is an app that is not notarized. spctl shows the status as rejected and the source indicates Unnotarized Developer ID. Run this on the application itself, the application folder in /Applications, and the installer file.

```
$ spctl -a -vvv -t install MacApp.app
MacApp.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: <redacted developer account>
```
The second example is a notarized app. spctl shows the status as accepted.

```
$ spctl -a -vvv -t install Project1.app
Project1.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: <redacted developer account>
```
The table below describes the spctl options.
Option | Description |
---|---|
-a | Stands for assess and requests spctl to perform an assessment of the given file. |
-vvv | Specifies increased output verbosity. |
-t install | Specifies the type of assessment. install assesses installation. |
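
The check above, scripted as an added example (not code from the original post): it runs the same spctl assessment over every path given, such as the app bundle and its installer, and reduces each result to one verdict. The function names and verdict labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: run `spctl -a -vvv -t install` over several targets
# and reduce each result to a single verdict per path.

# classify_spctl TEXT: map captured spctl output to a verdict label.
classify_spctl() {
    # Status line looks like "<path>: accepted" or "<path>: rejected";
    # tolerate trailing text after the status word.
    st=$(printf '%s\n' "$1" |
        sed -n -e 's/^.*: accepted.*$/accepted/p' -e 's/^.*: rejected.*$/rejected/p' |
        head -n 1)
    # The "source=" line says why the item was accepted or rejected.
    src=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1)
    case "$st:$src" in
        "accepted:Notarized Developer ID")   echo notarized ;;
        "rejected:Unnotarized Developer ID") echo unnotarized ;;
        accepted:*) echo accepted-other ;;   # accepted with a different source
        rejected:*) echo rejected-other ;;   # rejected for another reason
        *)          echo unknown ;;          # output did not parse (missing file, tool error)
    esac
}

# assess_targets PATH...: print "verdict<TAB>path" for each target.
# Returns 1 if any target is not "notarized".
assess_targets() {
    rc=0
    for target in "$@"; do
        # spctl exits non-zero on rejection; capture stdout and stderr either way.
        out=$(spctl -a -vvv -t install "$target" 2>&1) || true
        verdict=$(classify_spctl "$out")
        printf '%s\t%s\n' "$verdict" "$target"
        [ "$verdict" = notarized ] || rc=1
    done
    return "$rc"
}

# Run when given arguments, e.g.:
#   sh check_notarized.sh /Applications/MacApp.app MacApp.pkg
if [ "$#" -gt 0 ]; then
    assess_targets "$@"
fi
```

A non-zero exit status means at least one target needs a closer look, which makes the script usable as a gate in a checklist run.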
SuspiciousPackage
SuspiciousPackage is a useful tool for inspecting .pkg files (installers) and seeing what is inside before installing them. These installers have preinstall and postinstall bash scripts that malware authors usually abuse to persist the malware.
This text is priceless. Please keep making more!
Thanks for sharing your info. I really appreciate your efforts and I will
be waiting for your next post. Thank you once again.
It's like you read my thoughts! You appear to understand so much
about this, such as you wrote the book in it or something.
I believe that you simply could do with some percent to power the message house a little bit, but instead
of that, that is excellent blog. A fantastic read.
I will definitely be back.