Martin's selection of few interesting IT Security, Privacy, and free tools from the Net: Remember, Good technology is no match to BAD implementation - - Apple's code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers.

Tuesday, June 12, 2018

Remember, Good technology is no match to BAD implementation - - Apple's code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers.

NOTE - This is NOT a vulnerability in MacOS itself but a flaw in how third-party security tools implemented Apple's code-signing API

Code-signing mechanism is a vital weapon in the fight against malware, which helps users identify who has signed the app and also provides reasonable proof that it has not been altered.

However, Pitts found that the mechanism used by most products to check digital signatures is trivial to bypass, allowing malicious files bundle with a legitimate Apple-signed code to effectively make the malware look like it has been signed by Apple.

https://thehackernews.com/2018/06/apple-mac-code-signing.html

Martin's selection of few interesting IT Security, Privacy, and free tools from the Net

Tuesday, June 12, 2018

Remember, Good technology is no match to BAD implementation - - Apple's code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers.

No comments:

Post a Comment

Popular Posts

Categories

Blog Archive