tsmd does not yet verify the connecting binary's code signature. A malicious tool inside your session that knows the JSON-RPC protocol can speak it directly. Code-signing peer verification is possible on macOS, but I believe it requires an Apple Developer account.
tsmddoes not yet verify the connecting binary's code signature. A malicious tool inside your session that knows the JSON-RPC protocol can speak it directly. Code-signing peer verification is possible on macOS, but I believe it requires an Apple Developer account.