[zymhan]

So this confirms that Apple revoking the app-signing certificate that pissed off a bunch of people was related to KeRanger?

[kogir]

No. They revoked that single developer's certificate. I think you're referring to an Apple certificate that simply expired and invalidated many App Store signatures.

[kolinko]

They revoked the developer's certificate, or they blocked opening up of an image with a given checksum?

[duskwuff]

Both.

Apple has updated XProtect to detect the malicious Transmission disk image and prevent it from being opened, and has additionally revoked the developer certificate which was used to sign the application on that disk image to prevent any other applications they sign from being treated as trusted.