Jun 12, 2018

MacOS bug could let any software pretend to be Apple-made

Photo: NurPhoto/Getty Images

Researchers at Okta found a severe problem in the way security programs traditionally use MacOS tools to verify which programs were written by Apple — what is known as code signing.

Why it matters: Apple's developer interface, known as an API, can be tricked so anyone writing malware can convince a bevy of security products that the malware was written by Apple. The problem here is that security products are often loath to distrust Apple and will let that malware run unfettered.

  • Josh Pitts, who discovered the bug, said that Okta does not know if any malware is currently utilizing this flaw to circumvent security programs.

Who it affects: There is no way to know the complete list of what products are vulnerable to this bug. But Okta tested a number of products, and some big name ones have problems, including F-Secure, Facebook and Carbon Black. Every software maker that Okta announced had a problem has released a patch.

  • According to Okta, Apple told the firm that developers would be responsible for correcting their implementation of the API. CERT, the government group that coordinates notifying vendors of widespread security flaws, recommended that Okta write a description of the problem to help vendors assess whether they are vulnerable.
  • That's a double-edged sword. Pitts noted that "once the blog is published, it will be easy for someone to weaponize it."
  • It's critical, said Pitts, that everyone update Mac security software.

Go deeper

Your best defense against coronavirus

Photo: Adrian Greeman/Construction Photography/Avalon/Getty Images

Washing your hands is the best way to protect against the novel coronavirus, according to doctors and health officials, as the virus continues to spread around the globe.

Why it matters: Clean hands can stop germs from spreading in a community, a known characteristic in COVID-19 and influenza.

Go deeperArrow21 mins ago - Health

Major League Soccer embarks on its 25th season

Illustration: Aïda Amer/Axios

As Major League Soccer begins its 25th season, the league is financially stable and surging in popularity, and its 26 teams have gorgeous facilities and rapidly increasing valuations.

  • It also continues to expand, with David Beckham's Inter Miami and Nashville SC set to debut this season as the 25th and 26th teams. Plans are in place to reach 30 franchises by 2022 — triple the number from 2004.

Wall Street falls 3% as coronavirus correction worsens

raders work on the floor of the New York Stock Exchange. Photo: Scott Heins/Getty Images

Stocks fell more than 3% on Friday morning, pushing stocks further into correction territory.

Why it matters: It continues the ugly stretch for Wall Street that began after a spike in coronavirus cases around the world. The S&P is 15% below its recent peak, edging closer to the mark that would technically end the market’s decade-long rally.

Go deeper: The growing coronavirus recession threat