Certificate expiration affecting macOS App Store and VPP apps
2023-2-13 22:49:26 Author: derflounder.wordpress.com(查看原文) 阅读量:24 收藏

Home > Apple Volume Purchase Program, Mac administration, macOS > Certificate expiration affecting macOS App Store and VPP apps

Certificate expiration affecting macOS App Store and VPP apps

Mac admins who have previously installed macOS apps from the Mac App Store (MAS) or the Volume Purchase Program (VPP) may be seeing some of those apps displaying warning messages on launch that the application is damaged.

Screenshot 2023 02 07 at 5 37 40 PM

When observed, this behavior may be appearing because the certificates Apple has been using to digitally sign apps have recently expired, on February 6th 2023 or February 7th 2023. (Both expiration dates have appeared in signing certificates on the apps I’ve checked.)

Screenshot 2023 02 13 at 11 39 25

When the code signing is detected as being invalid, Apple’s security tools are blocking launch as a consequence. In most cases, it appears that the code signing is still appearing as valid despite being past the expiration date.


Update: February 13, 2023 – I’ve received feedback from @macmuleblog after posting that they have seen damaged apps from VPP where they had a valid code signing certificate, so the root cause for the damaged apps may be different than what I initially posted. My apologies for any confusion caused.


Both the Apple Mac OS Application Signing certificate used to sign the apps, and the Apple Worldwide Developer Relations Certification Authority intermediate certificate are showing expiration dates that are now in the past.

Screenshot 2023 02 13 at 9 32 17 AM

Screenshot 2023 02 13 at 8 56 28 AM

In the cases where I’ve experienced applications reporting as damaged, uninstalling the app and reinstalling it seems to have addressed the issue. Hopefully Apple is working on getting the issue handled by re-issuing apps which are signed with a certificate signed with a new expiration date in the future.


Update: February 13, 2023 – It looks like Apple had previously begun the code signing effort I requested above. When I checked Microsoft’s To Do app, I saw that the Apple Mac OS Application Signing certificate used to sign the app and the Apple Worldwide Developer Relations Certification Authority intermediate certificate are showing expiration dates in the future.

Screenshot 2023-02-13 at 10.54.24 AM

Screenshot 2023-02-13 at 10.54.28 AM



文章来源: https://derflounder.wordpress.com/2023/02/13/certificate-expiration-affecting-macos-app-store-and-vpp-apps/
如有侵权请联系:admin#unsafe.sh