macOS Infection Vectors

Created: 28.07.2022

This is about … .


  1. Gatekeeper (OS X Mountain Lion, 10.8). Built atop File Quarantine, Gatekeeper checks the code-signing information of downloaded items and blocks those that do not adhere to system policies. (Patrick Wardle, “Gatekeeper Exposed,” January 17, 2016.)
  2. File Quarantine provides a warning to the user that asks for explicit confirmation before allowing the file to execute.
  3. Application notarization requirements. These requirements ensure that Apple has scanned and approved all software before it is allowed to run.


spctl -a -vvv -t install /Volumes/Install/ # check if the application notarisation requirements were satisfied.

Xcode projects

An infected Xcode project contains a script in the project’s project.pbxproj file that executes another script, Assets.xcassets, from a hidden directory called /.xcassets/.
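
One way to review a project for this pattern, as an added example that is not part of the original notes: the sketch below lists Run Script build phases in a project.pbxproj whose script references a dot-prefixed (hidden) path component. The sample project text, object IDs, paths and function names are constructed for illustration, and the hidden-path check is a review heuristic, not a malware signature.

```python
import re

# Constructed sample: a PBXShellScriptBuildPhase section as it appears in a
# project.pbxproj file (old-style plist text). IDs and paths are made up.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
    0123456789ABCDEF00000001 /* Run Script */ = {
        isa = PBXShellScriptBuildPhase;
        shellPath = /bin/sh;
        shellScript = "sh \"${PROJECT_DIR}/.xcassets/Assets.xcassets\"\n";
    };
    0123456789ABCDEF00000002 /* SwiftLint */ = {
        isa = PBXShellScriptBuildPhase;
        shellPath = /bin/sh;
        shellScript = "if which swiftlint >/dev/null; then\n  swiftlint\nfi\n";
    };
/* End PBXShellScriptBuildPhase section */
'''

# One pbxproj object: "<id> /* name */ = { ...body... };"
OBJECT_RE = re.compile(r'(\w+) /\* (.*?) \*/ = \{(.*?)\n\s*\};', re.S)
# The shellScript value: a quoted string that may contain backslash escapes.
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";', re.S)
# A path component starting with a dot, e.g. "/.xcassets". Plain "./" and
# "../" do not match because a name character must follow the dot.
HIDDEN_RE = re.compile(r'/\.[A-Za-z0-9_][^/\s"\']*')

def unescape(s):
    """Undo the backslash escapes used inside quoted pbxproj strings."""
    table = {'n': '\n', 't': '\t'}
    return re.sub(r'\\(.)', lambda m: table.get(m.group(1), m.group(1)), s, flags=re.S)

def find_hidden_path_scripts(pbxproj_text):
    """Return (phase_id, phase_name, hidden_components) for each Run Script
    build phase whose script references a hidden path component."""
    findings = []
    for obj_id, name, body in OBJECT_RE.findall(pbxproj_text):
        if 'isa = PBXShellScriptBuildPhase;' not in body:
            continue
        m = SCRIPT_RE.search(body)
        hidden = HIDDEN_RE.findall(unescape(m.group(1))) if m else []
        if hidden:
            findings.append((obj_id, name, hidden))
    return findings

if __name__ == '__main__':
    for obj_id, name, hidden in find_hidden_path_scripts(SAMPLE_PBXPROJ):
        print(f'{obj_id} ({name}): script references hidden path {hidden}')
```

Any phase it reports still needs a manual read of the script, since legitimate build steps can also touch dot-directories.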

