Signature Checks exploit on Mac OS fixed

June 13, 2018

Author: Jake Wertman

Mac OS has been vulnerable to malware through a flaw in the security signatures process for third-party developers.

Digital signatures let users know whether a piece of software has been certified as safe by the operating system’s parent company, in this case Apple. Third-party developers must go through a process to have their software signed and approved by Apple before it can be published and verified as a safe program. This exploit circumvented a bevy of security measures and tricked Mac OS into accepting malicious code as part of a legitimate third-party tool.

The breach involved the Universal Binary programming format, which allows an application to work across multiple CPU architectures without installing different versions of the application. By piggybacking on legitimate software, malware can exploit the Universal Binary format to gain security signatures for malicious code. Patrick Wardle, the developer of the Objective-See tools and Chief Research Officer at Digita Security, has stated that it is very easy for hackers to bypass third-party tools if they are actively targeting that software.

“If a hacker wants to bypass your tool and targets it directly, they will win,” Wardle said. Wardle has also made it clear that this hack was due to the poor documentation for Apple’s API. According to Wardle, the documentation was poorly worded, which led to confusion among developers and a misuse of security measures that would flag the unwanted software as illegitimate.

Since becoming aware of this exploit, Apple has updated its documentation to make it clear which security measures developers should use when creating applications for Mac OS. Developers should make sure that their third-party software on Mac OS complies with the updated security signature standards.
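As an added illustration (not code from the article, from Apple, or from any of the affected tools), the sketch below parses a Universal Binary header and lists every architecture slice the file carries, which is the inventory a signature-checking tool needs before it treats a file as fully verified. The function names and the two-slice sample are constructed for this example.

```python
import struct

FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
# Mach-O magics (either byte order, 32- and 64-bit) expected at the start of a slice.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 12: "arm", 0x0100000C: "arm64",
             18: "ppc", 0x01000012: "ppc64"}


def list_slices(data: bytes) -> list:
    """Return one dict per architecture slice of a universal (fat) file."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        raise ValueError("not a universal binary")
    # fat_arch entry: cputype, cpusubtype, offset, size, align (all big-endian).
    fmt = ">iiIII" if magic == FAT_MAGIC else ">iiQQII"
    entry = struct.calcsize(fmt)
    if 8 + count * entry > len(data):
        raise ValueError("architecture table runs past end of file")
    slices = []
    for i in range(count):
        cputype, _sub, offset, size = struct.unpack_from(fmt, data, 8 + i * entry)[:4]
        if size < 4 or offset + size > len(data):
            raise ValueError(f"slice {i} lies outside the file")
        (inner,) = struct.unpack_from(">I", data, offset)
        slices.append({"arch": CPU_NAMES.get(cputype, hex(cputype)),
                       "offset": offset, "size": size,
                       "is_macho": inner in MACHO_MAGICS})
    return slices


def build_sample() -> bytes:
    """Constructed sample: fat header, two fat_arch entries, two stub slices."""
    header = struct.pack(">II", FAT_MAGIC, 2)
    archs = (struct.pack(">iiIII", 7, 3, 64, 8, 0)
             + struct.pack(">iiIII", 0x01000007, 3, 72, 8, 0))
    body = (struct.pack("<I", 0xFEEDFACE) + b"\0" * 4
            + struct.pack("<I", 0xFEEDFACF) + b"\0" * 4)
    return (header + archs).ljust(64, b"\0") + body


if __name__ == "__main__":
    for s in list_slices(build_sample()):
        print(s)  # every slice listed here needs its own signature check
```
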

Follow the link below to read the original article by ArsTechnica:

https://arstechnica.com/information-technology/2018/06/simple-technique-bypassed-macos-signature-checks-by-third-party-tools/
