Researchers said that bypassing the signature check is trivial: almost any attacker who learns of it can disguise malicious code as an Apple-signed application. Digital signatures are a core security feature that lets users know an application was signed with the private key of a trusted party, just like an official Apple application.
macOS has an 11-year-old vulnerability
According to Ars Technica, attackers already have a simple method that lets certain malware bypass the signature checks of third-party security tools. The vulnerability first appeared in OS X Leopard in 2007 and has persisted until this year. Researchers found that it lets an attacker fool security tools into believing that a malicious file is signed by Apple itself, when in fact it hides malware.
Image: Okta
Joshua Pitts, a senior penetration testing engineer at the security company Okta, said that he discovered the vulnerability in February and informed Apple and the affected third-party developers shortly afterwards.
Apple said on March 20 that it did not consider this loophole a security issue needing immediate resolution. On March 29, Apple updated its documentation to address the issue more clearly. The documentation states that “Apple updated [its] documents to be more clear, and third-party developers just have to invoke the API with a more comprehensive flag (that was always available).”
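For readers who want to see what “invoking the API with a more comprehensive flag” looks like from the defender's side, here is an added example; it is not code from the article, from Okta or from Apple. The article names neither the API nor the flag, so this example assumes the call in question is SecStaticCodeCheckValidity() from Apple's Security framework and that the comprehensive flag is kSecCSCheckAllArchitectures (combined here with kSecCSStrictValidate); both flags do exist in <Security/SecStaticCode.h>. The function and file names are my own.

```objective-c
// Added example (not from the article, Okta or Apple): a minimal defender-side
// signature check for a macOS file using the Security framework.
// ASSUMPTION: the API the article refers to is SecStaticCodeCheckValidity() and
// the "more comprehensive flag" is kSecCSCheckAllArchitectures; the article
// names neither. Build on macOS with:
//   clang -framework Security -framework CoreFoundation verify.c -o verify
#include <stdio.h>
#include <stdbool.h>
#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>

// Returns true only if every architecture slice of the file at `path` carries a
// valid signature that chains to Apple's own root ("anchor apple").
static bool is_apple_signed_all_archs(const char *path, OSStatus *status_out) {
    bool ok = false;
    SecStaticCodeRef code = NULL;
    SecRequirementRef req = NULL;

    CFStringRef cf_path = CFStringCreateWithCString(kCFAllocatorDefault, path,
                                                    kCFStringEncodingUTF8);
    CFURLRef url = CFURLCreateWithFileSystemPath(kCFAllocatorDefault, cf_path,
                                                 kCFURLPOSIXPathStyle, false);

    OSStatus st = SecStaticCodeCreateWithPath(url, kSecCSDefaultFlags, &code);
    if (st != errSecSuccess) goto done;

    // "anchor apple" matches only code signed by Apple itself.
    // "anchor apple generic" would also accept Developer ID / App Store signatures.
    st = SecRequirementCreateWithString(CFSTR("anchor apple"), kSecCSDefaultFlags, &req);
    if (st != errSecSuccess) goto done;

    // With the default flags only the slice for the running architecture is
    // validated. Checking every slice, and validating strictly, is the
    // comprehensive mode a security tool should use before trusting a signature.
    st = SecStaticCodeCheckValidity(code,
                                    kSecCSCheckAllArchitectures | kSecCSStrictValidate,
                                    req);
    ok = (st == errSecSuccess);

done:
    if (status_out) *status_out = st;
    if (req) CFRelease(req);
    if (code) CFRelease(code);
    if (url) CFRelease(url);
    if (cf_path) CFRelease(cf_path);
    return ok;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <path-to-binary-or-bundle>\n", argv[0]);
        return 2;
    }
    OSStatus st = errSecSuccess;
    bool trusted = is_apple_signed_all_archs(argv[1], &st);
    printf("%s: %s (OSStatus %d)\n", argv[1],
           trusted ? "valid Apple signature on all architectures" : "NOT trusted",
           (int)st);
    return trusted ? 0 : 1;
}
```

The practical check for a security tool is the difference between the two modes: a file that passes validation with kSecCSDefaultFlags but fails once kSecCSCheckAllArchitectures is added should be treated as untrusted, not as Apple-signed. The OSStatus returned on failure can be logged for triage; it is the only diagnostic the API gives without requesting the more detailed reporting mode.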