Analyzing
Code: Select all
OpenWebStart javaws.app
Code: Select all
codesign -dr - /Applications/OpenWebStart/OpenWebStart\ javaws.app Executable=/Applications/OpenWebStart/OpenWebStart javaws.app/Contents/MacOS/JavaApplicationStub designated => always
Steps to Reproduce:
Open Applications > Utility > Terminal
Run
Code: Select all
codesign -dr - /Path/To/OpenWebStart\ javaws.app
Code: Select all
designated => always
Expected output should be something like
Code: Select all
designated => anchor apple generic and identifier "com.OpenWebStart" and (certificate leaf[field.XXXXXXXXXX] /* exists */ or certificate 1[field.XXXXXXXXXX] /* exists */ and certificate leaf[field.XXXXXXXXXX] /* exists */ and certificate leaf[subject.OU] = XXXXXXXXXX)
Output indicates code signature is invalid or unsigned
Environment:
OpenWebStart version: 1.9.1 ARM64 Mac and X64 Mac
Operating System: macOS Sonoma 14.4.1
Impact:
Security Risks: The source and integrity of the application cannot be verified.
Deployment Issues: It may be impossible for MDM administrators to manage configurations with the Application and OS, causing delays and inefficiencies in the deployment process. For example: Privacy Preferences Policy Control https://support.apple.com/guide/deploym ... f53c2a/web
Trust Issues: On macOS, applications with invalid or missing signatures are often flagged by Gatekeeper and are not allowed to run by default. This could lead to trust issues, as users might be reluctant to use an application that their device flags as potentially unsafe.