The majority of third-party security products for Apple products have long been susceptible to being tricked into thinking malicious code is approved by the tech giant, according to new research from security researchers at software company Okta.
The vulnerability, which could allow an attacker to gain access to a compromised Mac by pretending to be Apple, could have been exploited at any point since 2005’s launch of OSX Leopard, researcher Josh Pitts told CBR.
Apple was reportedly notified of the vulnerability in February, but told Okta the issue was a third-party one. Apple says it is now updating the documentation that explains to software developers how to build whitelisting tools for Macs, according to CBR.
Okta is a publicly-traded identity management company based in San Francisco. It provides cloud software that helps companies manage their employees’ passwords, by providing a “single sign-on” experience.
Like this article? Consider supporting Apple World Today with a $5 monthly Team AWT membership.
