Photo: NurPhoto/Getty Images

Researchers at Okta found a severe problem in the way security programs traditionally use MacOS tools to verify which programs were written by Apple — what is known as code signing.

Why it matters: Apple's developer interface, known as an API, can be tricked so anyone writing malware can convince a bevy of security products that the malware was written by Apple. The problem here is that security products are often loath to distrust Apple and will let that malware run unfettered.

  • Josh Pitts, who discovered the bug, said that Okta does not know if any malware is currently utilizing this flaw to circumvent security programs.

Who it affects: There is no way to know the complete list of what products are vulnerable to this bug. But Okta tested a number of products, and some big name ones have problems, including F-Secure, Facebook and Carbon Black. Every software maker that Okta announced had a problem has released a patch.

  • According to Okta, Apple told the firm that developers would be responsible for correcting their implementation of the API. CERT, the government group that coordinates notifying vendors of widespread security flaws, recommended that Okta write a description of the problem to help vendors assess whether they are vulnerable.
  • That's a double-edged sword. Pitts noted that "once the blog is published, it will be easy for someone to weaponize it."
  • It's critical, said Pitts, that everyone update Mac security software.

Go deeper

Updated 2 hours ago - Politics & Policy

Biden raises $141 million more than Trump

Combination images of President Trump and his 2020 presidential rival Joe Biden. Photo: Sarah Silbiger/Getty Images/Alex Wong/Getty Images

Joe Biden's campaign, the Democratic National Committee and joint fundraising committees raised $466 million cash on hand, the presidential candidate's team announced late Sunday.

Why it matters: President Trump's campaign raised $325 million, his campaign communications director Tim Murtaugh announced Friday. In the spring, Biden was $187 million behind Trump and the Republican National Committee.

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 1 a.m. ET: 30,935,011 — Total deaths: 959,565— Total recoveries: 21,159,459Map.
  2. U.S.: Total confirmed cases as of 1 a.m. ET: 6,804,814 — Total deaths: 199,509 — Total recoveries: 2,590,671 — Total tests: 95,108,559Map.
  3. Politics: Testing czar on Trump's CDC contradictions: "Everybody is right" Ex-FDA chief: Career scientists won't be "easily cowed" by political vaccine pressure.
  4. Education: What we overlooked in the switch to remote learning.
  5. Health: The dwindling chances of eliminating COVID-19 — 7 states set single-day coronavirus case records last week.
  6. World: England sets £10,000 fine for breaking self-isolation rules — The countries painting their pandemic recoveries green.

Virtual Emmys address chaotic year for American TV and society

Emmy Host Jimmy Kimmel during rehearsals Friday for the 72nd Annual Emmy Awards at the Staples Center in Los Angeles. Photo: Al Seib/ Los Angeles Times via Getty Images

The Emmy Awards Sunday night addressed the major U.S. issues this year — including the protests on systemic racism and police brutality, the wildfires engulfing parts of the West Coast, the census, the pandemic, essential works and the election.

Why it matters: Award shows have always addressed wider cultural issues, but this year — amid unprecedented stress and uncertainty — that trend has accelerated.