Home/

I can be apple and so can you by Josh Pitts from Okta REX Team

In Summary : A bypass found in third party developers’ interpretation of code signing API allowed for unsigned malicious code to appear ...

Reply
https://updatesinfosec.blogspot.com/2018/06/i-can-be-apple-and-so-can-you-by-josh.html
In Summary :

  • A bypass found in third party developers’ interpretation of code signing API allowed for unsigned malicious code to appear to be signed by Apple.
  • Known affected vendors and open source projects have been notified and patches are available.
  • However, more third party security, forensics, and incident response tools that use the official code signing APIs are possibly affected.
  • Developers are responsible for using the code signing API properly, POCs are released to help developers test their own code.
  • The bypass affects Fat/Universal file format and the lack of verification of nested formats.
  • Affects only macOS and older versions of OSX. [...]

kindly refer the following link as follow up :
https://ift.tt/2MmWHjF

Post a Comment

emo-but-icon
:noprob:
:smile:
:shy:
:trope:
:sneered:
:happy:
:escort:
:rapt:
:love:
:heart:
:angry:
:hate:
:sad:
:sigh:
:disappointed:
:cry:
:fear:
:surprise:
:unbelieve:
:shit:
:like:
:dislike:
:clap:
:cuff:
:fist:
:ok:
:file:
:link:
:place:
:contact:

Newer Post Older Post Home item
Newer Post The Tale of SettingContent-ms Files
Older Post Web App Security 101: How to Defend Against a Brute Force Attack
Home item

ADS

Popular Posts

Flickr Photo

StatCounter

View My Stats