Photo: NurPhoto/Getty Images

Researchers at Okta found a severe problem in the way security programs traditionally use macOS tools to verify which programs were written by Apple — what is known as code signing.

Why it matters: Apple's developer interface, known as an API, can be tricked so anyone writing malware can convince a bevy of security products that the malware was written by Apple. The problem here is that security products are often loath to distrust Apple and will let that malware run unfettered.

  • Josh Pitts, who discovered the bug, said that Okta does not know if any malware is currently utilizing this flaw to circumvent security programs.

Who it affects: There is no way to know the complete list of what products are vulnerable to this bug. But Okta tested a number of products, and some big-name ones have problems, including F-Secure, Facebook and Carbon Black. Every software maker that Okta announced had a problem has released a patch.

  • According to Okta, Apple told the firm that developers would be responsible for correcting their implementation of the API. CERT, the government group that coordinates notifying vendors of widespread security flaws, recommended that Okta write a description of the problem to help vendors assess whether they are vulnerable.
  • That's a double-edged sword. Pitts noted that "once the blog is published, it will be easy for someone to weaponize it."
  • It's critical, said Pitts, that everyone update Mac security software.
