New macOS Gatekeeper vulnerability discovered

CVE-2022-42821 (via Bleeping Computer):

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.

Microsoft:

We developed a proof-of-concept exploit to demonstrate the vulnerability, which we call “Achilles”. Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS.

Apple:

BOM

Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017)

Impact: An app may bypass Gatekeeper checks

Description: A logic issue was addressed with improved checks.

CVE-2022-42821: Jonathan Bar Or of Microsoft

Gatekeeper is the service that checks apps installed on macOS to ensure that they are notarised and signed by developers for distribution. This is a fascinating bug that works by leveraging AppleDouble and Access Control Lists (ACLs) to specify metadata allowing for the bypass of Gatekeeper checks.

Unfortunately, those running the new Lockdown Mode introduced in macOS Ventura are also impacted by this issue and will need to update Ventura to fix the bug.

Microsoft shuts down SwiftKey for iOS

ZDNet:

As of October 5, support for SwiftKey iOS will end and it will be delisted from the Apple App Store. Microsoft will continue support for SwiftKey Android as well as the underlying technology that powers the Windows touch keyboard. For those customers who have SwiftKey installed on iOS, it will continue to work until it is manually uninstalled or a user gets a new device. Please visit Support.SwiftKey.com for more information.

The writing has been on the wall for SwiftKey for iOS for some time now. The app itself hasn’t been updated in more than a year, with the addition of Emoji search back on August 11, 2021.

Meanwhile the Android app has continued to receive numerous updates, with the most recent just a fortnight ago on September 15.

With Microsoft refusing to comment further on the reasons behind the shutdown, we can only speculate for now. But it’s easy to see how iOS’ more closed system may have prevented the team from adding additional functionality that is permitted on Android, such as clipboard sync.

Xcode Cloud paid subscriptions now live

Apple Developer News:

Get started by configuring a workflow in Xcode and receive 25 compute hours per month at no cost until the end of 2023. And now, Account Holders can subscribe for more compute hours in the Apple Developer app

Paid subscriptions for Apple’s managed CI/CD tool, Xcode Cloud, are now available. Pricing was previously announced at WWDC 2022, ranging from $14.99 USD (25 compute hours per month) to $399.99 USD (1000 compute hours per month).

Until now, Apple had been offering the service for free. The entry-level $14.99 tier will remain free until December 2023.

Coinciding with the announcement, there’s also an update available (v10.1.1) for the Apple Developer app that adds a new section in the Account tab that allows you to see your Xcode Cloud subscription. From within the app you can manage which pricing tier your team is on.

Apple announces September 7, 2022 event

As expected, Apple has today announced that the next event will be held on September 7 at 10am P.T. It will likely see the introduction of the new iPhone 14 and Apple Watch devices.

As has been the norm for a few years now, there’s also an AR experience available when visiting the Apple Events site and tapping on the logo[^1].

It’s worth noting that iOS 16 will launch soon after this event – so that means we have a little over a fortnight until App Store submissions can begin. Also keep in mind that Apple has confirmed that iPadOS 16 won’t launch until October, telling TechCrunch that it’ll launch around the same time as macOS Ventura:

This is an especially big year for iPadOS. As its own platform with features specifically designed for iPad, we have the flexibility to deliver iPadOS on its own schedule. This Fall, iPadOS will ship after iOS, as version 16.1 in a free software update.

[^1]: As spotted first by the folks at MacRumors.

iCloud apps can now be transferred between developers

In a short but game-changing post to the Apple developer news site, Apple has confirmed that apps that use iCloud can now be transferred between accounts.

Apps that use iCloud can now be transferred to another developer in the Apple Developer Program.

Apple Developer News

Until now, after enabling the iCloud entitlement and shipping the app in production, developers were unable to transfer the app to another developer account. This meant that in the event that an app was sold, the entire developer account would need to be transferred to the new owner.

It’s still unclear why this restriction was in place to begin with and what’s changed now to allow Apple to offer this feature. But Apple does go on to note the following:

If multiple apps on your account share a CloudKit container, the transfer of one app will disable the other apps’ ability to read or store data using the transferred CloudKit container. Additionally, the transferor will no longer have access to user data for the transferred app via the iCloud dashboard. Any app updates will disable the app’s ability to read or store data using the transferred CloudKit container.

Apple adds new code signing technotes

If you’re looking to find out more about code signing for Apple’s platforms (iOS, macOS, tvOS, watchOS etc.) then Apple has just published some new content on the topic.

Apple has been slowly adding more technical articles back to the Apple Developer site since adding the new Technotes section in February, and in the last few days the company has added a new series of articles about code signing.

The articles form a series – dubbed ‘Inside code signing’ – that deep-dive into the world of code signing and cover certificates, hashing, provisioning profiles and more.

Code signing is a foundational technology on all Apple platforms. Many documents that discuss code signing focus on solving a specific problem. The Inside Code Signing technote series is different: It peeks behind the code signing curtain, to give you a better understanding of how this technology works.

TN3125: Inside Code Signing: Provisioning Profiles

Not only does Apple cover theoretical concepts, there’s also a sprinkling of examples of command line tools that can be used to extract information from provisioning profiles, perform code signing and more.

Apple had been posting some of the content about code signing recently to the Apple Developer Forums, but having them centralised in this series on the Technotes site is much better for discoverability and readability.

The language of the articles has also been made more formal, with more examples provided to better suit the technotes format and style.

Apple shares more details about WWDC22 ‘special event’

As excitement builds towards WWDC 2022, Apple has today shared more details about what to expect at the ‘special event’ at the Apple Park campus:

We’re hosting a special all-day experience at Apple Park on June 6 to kick off WWDC22. Gather with others in the developer community to watch the keynote and State of the Union videos alongside Apple engineers and experts, explore the all-new Developer Center, and so much more.

Apple Developer site

Submissions are open from May 9 at 9:00 a.m. PT to May 11 at 9:00 a.m. PT, with successful developers notified by May 12 at 6:00 p.m. PT.

It’s worth noting that the Developer Center referred to here is a new building on Apple Park. This first came to light last year as part of the Apple vs Epic trial. It isn’t referring to the virtual Developer Center that hosts the developer documentation, downloads and account management.

The Developer Center could be a great place to show off some new hardware, especially if it’s designed as a setup similar to that of the old Compatibility Labs. With new VR and even AR hardware rumoured in the coming years, it seems like it’ll be a popular place to visit.

There’s still no word on where the keynote and State of the Union address will be held on campus. Potential locations include indoors at the Steve Jobs theatre, or even in the center of the ring at the rainbow stage.

Surprisingly, Apple also won’t be requiring attendees to be vaccinated against COVID-19. However, if selected, you will need to provide proof of a negative COVID-19 test taken no more than 3 days prior.

Apple clarifies app removal policy

Apple has issued a note to developers after recent media reports about it removing apps from the App Store that haven’t been updated in 2+ years:

As part of the App Store Improvements process, developers of apps that have not been updated within the last three years and fail to meet a minimal download threshold — meaning the app has not been downloaded at all or extremely few times during a rolling 12 month period — receive an email notifying them that their app has been identified for possible removal from the App Store.

Apple always wants to help developers get and keep quality software on the App Store. That’s why developers can appeal app removals. And developers, including those who recently received a notice, will now be given more time to update their apps if needed — up to 90 days. Apps that are removed will continue to function as normal for users who have already downloaded the app on their device.

Apple Developer News & Updates

It’s unclear why this has suddenly made mainstream headlines, as this program has been running for many years now, since 2016. Perhaps this time around Apple has inadvertently targeted more popular app developers, or enough time has passed since the program was announced that many forgot about it?

If you do get hit by an app removal notice, you’ll now have 90 days (an increase from 30 days) to issue an update to keep the app in the store.

And based on the wording of the post, if your app continues to function and doesn’t require an update you can appeal to Apple to keep the app in the store.