Apple already working on patch, potential mischief would be limited in scope
A security researcher planning a presentation at the Virus Bulletin Conference in Prague on Thursday has revealed that he has discovered a relatively simple way to bypass OS X's Gatekeeper security feature, potentially allowing a malicious file buried within a trusted application free reign to run unobstructed. The exploit could be used to steal passwords by modifying a legitimate app that already has Gatekeeper approval, for example. Apple is already aware of the issue and working on a fix.
Re-signing mandatory for existing apps
Despite recent claims, a Dev Center security breach may not be why developers are being asked to re-sign Mac apps using OS X Mavericks, sources say. An alternative reason for the switch hasn't been mentioned, but unnamed sources are countering reports yesterday from other unnamed sources. In the earlier rumors, it was claimed that one or more hackers had managed to obtain not only Gatekeeper keys but "virtually every key Apple used for everything."
Gatekeeper added to testing list
Apple has posted a new beta of OS X 10.9.5 for developers and AppleSeed participants, identified as build 13F18. Testing areas remain largely the same -- including Safari, graphics, Thunderbolt, and USB/USB smart cards -- but with the addition of a significant change to Gatekeeper, Apple's app-signing security feature. "Signatures created with OS X version 10.8.5 or earlier ('v1 signatures') are obsoleted and will no longer be recognized by Gatekeeper," Apple reminds the developer audience. "To ensure your apps will run on updated versions of OS X, they must be signed using the codesign tool on OS X version 10.9 or later ('v2 signatures')."
Essentially requires all apps be recompiled for Mavericks to avoid Gatekeeper trap
A upcoming change in the way the OS X security feature Gatekeeper works is essentially going to force developers to re-build and re-"sign" their applications and submit updates to Apple for programs that need to run in Mavericks or Yosemite. The upcoming change for security purposes only affects those running the forthcoming 10.9.5 or later, but cause cause apps that aren't updated to "break" (not launch) except through bypassing Gatekeeper, which most users will be loathe to do. The change will not force users to update their OS versions.
Brings Mountain Lion security tech back to previous OS
Complementing the release of OS X 10.8.2, Apple has also posted OS X 10.7.5, an update for Lion users. The software mainly retrofits Lion with Gatekeeper, the security technology built into Mountain Lion. By default Gatekeeper rejects unsigned apps, although restrictions can be loosened if necessary.
OS X updates to become annual releases
Apple is changing the way it rolls out OS X and even press events, a Daring Fireball report reveals. Beginning with the newly-announced Mountain Lion, OS X is moving to an annual update schedule. Apple has traditionally waited at least two years between major updates, but may want to keep pace with Windows, as well as iOS, the latter of which has always been updated once a year.
Mac OS X Mountain Lion adds iMessage, Reminders
In a surprise step, Apple on Thursday gave developers a preview version of OS X Mountain Lion, the next significant update to the core OS. The new version is directly influenced by iOS 5 and includes Notification Center, Reminders, Notes, Game Center, and Twitter integration, with iCloud syncing where it's relevant. AirPlay Mirroring is also new to the Mac and shares exactly what's on screen through an Apple TV.