Code-signing is a process that checks whether the files are signed with digital certificate
A 15-year-old vulnerability has been discovered by researchers in Apple devices like Macbook that can allow hackers to access sensitive information by bypassing a vulnerability in third-party Mac security programs from Facebook, Google, VirusTotal.
What is the vulnerability?
The bug is in the way several security products for Mac implement Apple's code-signing API, thus allowing hackers to impersonate Apple to sign malicious code and evade third-party security tools. In simpler words, hackers can design custom malware executables and bind them with legitimate Apple applications that would even appear assigned by Apple even when they are not.
What is code-signing?
Code-signing is a process that checks whether the files are signed with digital certificate, i.e., the code is authentic and comes from the organisation that signed it.
So, if a file is signed by MacOS the computer will trust the application. The vulnerability that was found, allowed hackers to merge malicious files with legitimate Apple-signed code and thus make the malware look like it was signed by Apple.
In order to exploit the vulnerability attackers requires Fat binary format contains several Mach-O files written for different CPU architectures (i386, x86_64, or PPC).
Although, it should be noted that the vulnerability is not in macOS how third-party security tools implemented Apple's code-signing APIs when dealing with Mac's executable files called Universal/Fat files.