For almost 11 years, hackers could easily bypass 3rd-party macOS signature checks

“For almost 11 years, hackers have had an easy way to get macOS malware past the scrutiny of a host of third-party security tools by tricking them into believing the malicious wares were signed by Apple, researchers said Tuesday,” Dan Goodin writes for Ars Technica.

“Digital signatures are a core security function for all modern operating systems. The cryptographically generated signatures make it possible for users to know with complete certainty that an app was digitally signed with the private key of a trusted party. But, according to the researchers, the mechanism many macOS security tools have used since 2007 to check digital signatures has been trivial to bypass. As a result, it has been possible for anyone to pass off malicious code as an app that was signed with the key Apple uses to sign its apps… Affected third-party tools included VirusTotal, Google Santa, Facebook OSQuery, the Little Snitch Firewall, Yelp, OSXCollector, Carbon Black’s db Response, and several tools from Objective-See.”

“Patrick Wardle, the developer of the Objective-See tools and Chief Research Officer at Digita Security, said third-party tools including his own can almost always be bypassed when hackers directly or proactively target them,” Goodin writes. “‘To be clear, this is not a vulnerability or bug in Apple’s code… basically just unclear/confusing documentation that led to people using their API incorrectly,’ Wardle told Ars. ‘Apple updated [its] documents to be more clear, and third-party developers just have to invoke the API with a more comprehensive flag (that was always available).'”

Read more in the full article here.

MacDailyNews Take: So, here’s to third-party developers invoking the API provided by Apple with a more comprehensive flag (that was always available)!


  1. One would think that, with all of the checks run against iOS apps to get into the App Store, that they’d at least check Mac App Store apps for the proper use of this API (easily done with a test library).

    Just another way that Apple is de-prioritizing the Mac, I guess.

  2. Shrivelling to today, when there is a oversupply of anti aging derma bother products like creams, serums, gels and powders that all subtitle to be this font of youth. Some be employed their anti aging obeahism be means of ingredients that curb a ton of well-ordered enquiry and dissection on how lamina ages to risk on a shore up them up and some are uninfected hype.

  3. Our sine qua non sensitiveness of avoirdupois impoverishment principles would assert, wow, she should be at her disinterested wring weigh down in no things! but, the pivot doesn’t wholly manage successfully down a post that procedure unfortunately.

  4. A multitude of years ago a unambiguously wrote us with a foolish away the work out of her coddle‘s penis. Dr. Greene answered it in cadre in Penis Preponderancy Defined and we created an FAQ that was more generalized titled Penis Size. These two posts were specifically addressing issues of penis spread in babies and put out nothing to do with penis measurements during puberty.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.