Hello, 'Apple' here, and this dodgy third-party code is A-OK with us

A recently discovered security vulnerability in how third-party vendors check Apple's "code-signing" process potentially made it easier to trick macOS users into running malicious third-party code. Developers have been warned of the risk, but users still need to upgrade their software to guard against attacks exploiting …

  1. malle-herbert Silver badge
    Joke

    You're signing it wrong !

    See title...

    1. ThomH Silver badge

      Re: You're signing it wrong !

      Sorry to ruin the joke but this attack doesn't fool any of the built-in OS-level security measures, just a bunch of third-party apps that check the signature on only the first architecture within a fat binary.

      So the blame-claim would be: they're validating it wrong.

      ... though hopefully Apple will do something about whatever the APIs are to encourage correctness by default.

      1. Richard 12 Silver badge

        Re: You're signing it wrong !

        The "is it signed" APIs are so badly documented as to not exist.

        So I'm not surprised people aren't using them correctly. Chances are that one person found a way that seemed to "work", and everyone else copy-pasted because they couldn't find anything better.

        1. handleoclast Silver badge

          Re: You're signing it wrong !

          Chances are that one person found a way that seemed to "work", and everyone else copy-pasted because they couldn't find anything better.

          Copied from StackOverflow, perhaps?
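Added example, not part of the thread and not code from Apple or any vendor: the point made above about validating only the first architecture in a fat binary, shown as a parser for the universal (fat) header that lists every slice, with the first-slice-only pattern beside a check that covers all slices. The sample file, `build_sample` and `stub_check` are constructed for illustration; `stub_check` is a hypothetical stand-in for a real per-slice signature validation.

```python
import struct
from typing import List, NamedTuple

FAT_MAGIC = 0xCAFEBABE  # 32-bit universal header; all fields are big-endian
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 18: "ppc", 0x0100000C: "arm64"}

class Slice(NamedTuple):
    cpu: str
    offset: int
    size: int

def parse_fat_slices(data: bytes) -> List[Slice]:
    """Return every architecture slice listed in a universal (fat) header."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a 32-bit fat binary")
    slices = []
    for i in range(count):
        pos = 8 + 20 * i  # each fat_arch entry is five 32-bit fields
        if pos + 20 > len(data):
            raise ValueError("fat_arch table runs past end of file")
        cputype, _sub, offset, size, _align = struct.unpack_from(">iiIII", data, pos)
        if offset + size > len(data):
            raise ValueError("slice %d lies outside the file" % i)
        slices.append(Slice(CPU_NAMES.get(cputype, hex(cputype)), offset, size))
    return slices

def first_slice_only(data, check):
    """The flawed pattern: trust the file if slice 0 validates."""
    s = parse_fat_slices(data)[0]
    return check(data[s.offset:s.offset + s.size])

def every_slice(data, check):
    """Trust the file only if it has slices and each one validates."""
    slices = parse_fat_slices(data)
    return bool(slices) and all(check(data[s.offset:s.offset + s.size]) for s in slices)

def build_sample(bodies):
    """Constructed test input: a fat header followed by placeholder slice bodies."""
    table, blob, offset = b"", b"", 8 + 20 * len(bodies)
    for cputype, body in bodies:
        table += struct.pack(">iiIII", cputype, 0, offset, len(body), 0)
        blob += body
        offset += len(body)
    return struct.pack(">II", FAT_MAGIC, len(bodies)) + table + blob

# Hypothetical stand-in for a real per-slice signature check.
stub_check = lambda body: body.startswith(b"SIGNED")
SAMPLE = build_sample([(7, b"SIGNED-slice"), (0x01000007, b"unsigned-slice")])
```

On the constructed sample, `first_slice_only` accepts the file while `every_slice` rejects it, which is the gap the comment describes.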


Biting the hand that feeds IT © 1998–2019