back to article Hello, 'Apple' here, and this dodgy third-party code is A-OK with us

A recently discovered security vulnerability in how third party vendors are checking Apple's "code-signing" process potentially made it easier to trick macOS users into running malicious third-party code. Developers have been warned of the risk, but users still need to upgrade their software to guard against attacks exploiting …

Silver badge
Joke

You're signing it wrong !

See title...

5
4
Silver badge

Re: You're signing it wrong !

Sorry to ruin the joke but this attack doesn't fool any of the built-in OS-level security measures, just a bunch of third-party apps that check the signature on only the first architecture within a fat binary.

So the blame-claim would be: they're validating it wrong.

... though hopefully Apple will do something about whatever the APIs are to encourage correctness by default.

10
1
Silver badge

Re: You're signing it wrong !

The "is it signed" APIs are so badly documented as to not exist.

So I'm not surprised people aren't using them correctly. Chances are that one person found a way that seemed to "work", and everyone else copy-pasted because they couldn't find anything better.

8
0
Silver badge

Re: You're signing it wrong !

Chances are that one person found a way that seemed to "work", and everyone else copy-pasted because they couldn't find anything better.

Copied from StackOverflow, perhaps?

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018