A Bug Disguises Malware as Apple Software

Last updated June 23, 2021
Written by:
TechNadu Staff
TechNadu Staff
Staff Writer
Courtesy of Wccftech

Apple is very well known for its security when compared to other operating systems such as Android or Windows. Whether it is iPhone, iWatch, iPad, or MacBook – the tech giant is second to none when it comes to Apple software security. However, according to the recent findings of a cloud software Okta, it is believed that third-party software and applications have failed Apple’s stringent security and signing checks. However, the finding is only ‘recent’, this is happening for over 11 years now where hackers and online criminals have found an easy way to bypass Apple software security.

File to Trash

Courtesy of Apple

Even though the fault does not lie within MacOS, hackers somehow got past the scrutiny. The problem is within the third-party security tools and their implementation via Apple APIs. Hackers could easily trick the security tools hosted by third parties by making them believe that Apple has signed the ‘malicious wares.’ According to the Staff Engineer, Research and Exploitation at Okta, Josh Pitts said, “I can take the malicious code and make it look like it’s signed by Apple.”

Modern operating systems rely on digital signature and over the past few years, it has become a key security function. It goes without saying that you are bound to trust a file or an app that is cryptographically signed by Apple. How about if YOUR security tool tells you the same? For years now, hackers have been using this bug to sign certain apps with a private key of trusted parties.

Hence, in a nutshell, Apple’s APIs are indeed confusing.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: