Apple Signing API Used To Bypass Third Party Anti-Malware Tools

Reports are emerging that Apple's code-signing API, as implemented by third-party anti-malware tools including Google Santa, Facebook OSquery, Little Snitch, xFence, Yelp’s OSXCollector, and more, allowed unsigned code to pass checks simply by being bundled with code already signed by Apple (archived). The parties involved, as well as the mainstream tech press, are framing this as a problem in how all of these third parties implemented the API, and not as a problem in Apple's API or Apple's documentation.

2 thoughts on “Apple Signing API Used To Bypass Third Party Anti-Malware Tools”

  1. This is reminiscent of several Officially-signed "do-whatever-you-like" kernel drivers for MS-Win. And yes, they still work, and sort of an open secret.
