Bypass Glitch Allows Malware to Masquerade as Legit Apple Files

June 13, 2018

Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way onto Macs – and a recently discovered code-signing bypass flaw allows bad code to do just that.

The way some developers have implemented Apple’s official code-signing API can be exploited by attackers. Essentially, Apple makes an API available to developers that want to create a security function that verifies Apple files as being legitimate (by making sure the file’s code is signed). However, many of these developers have not used the API properly, so it introduces a vulnerability into the security product or function that allows for unsigned malicious code to appear to be signed by Apple.

Read More on Threat Post