Skip to main content

macOS 3rd Party Certificate Vulnerability

An vulnerability in the way certain third-party macOS developers interpret a popular code signing API could allow any applications to appears as certified.
Threat ID:
CC-2492
Category:
Exploit
Threat Severity:
Low
Threat Vector:
Published:
14 June 2018 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

An vulnerability in the way certain third-party macOS developers interpret a popular code signing API could allow any applications to appears as certified.

Affected platforms

The following platforms are known to be affected:

macOS

  • Apple macOS - All versions
  • Apple OS X - All versions

Threat details

Fat, or Universal, files are used to contain several Mach-O executable files. Products from the affected vendors will check if the first Mach-O file is signed by Apple (or another trusted party) before running all Mach-O files. This means that that any unsigned files contained within the Fat file will be executed, provided the first file is signed.

An attacker may exploit this to bypass regular security protections, which can prevent unsigned files from running.

For further information

Remediation steps

Type Step
All affected developers are producing updates to their tools. Please apply these as soon as they become available.

Last edited: 17 February 2020 12:47 pm