HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Mac Accepted Any Root Cert, Making Code Signing Useless(worthdoingbadly.com)

74 points·by anonymouse008·vor 4 Jahren·9 comments
worthdoingbadly.com
Mac Accepted Any Root Cert, Making Code Signing Useless

https://worthdoingbadly.com/coretrust/

9 comments

anonymouse008·vor 4 Jahren
"For years, macOS allowed any root certificate when checking code signatures, making code signing completely useless."
Joyfield·vor 4 Jahren
"Think Different".
egberts1·vor 4 Jahren
My thoughts exactly. I upvoted this despite some clueless folks downvoting you.
Tagbert·vor 4 Jahren
patched in macOS 12.4 / iOS 15.5
wazzaps·vor 4 Jahren
I'm surprised Apple has no comprehensive test suite for this
bobbylarrybobby·vor 4 Jahren
There was that brief period where repeatedly pressing enter on the Lock Screen with an empty password field would eventually let you in as long as you had never seen a `su` password. And if I recall there was also a bug where the password hint would show your password in clear text?
softwarebeware·vor 4 Jahren
This is old news, right? Did they not change this yet?
dserodio·vor 4 Jahren
Even if it's already patched, the fact that it was exploitable for years make it very much relevant. And of course, those with older computers that can't be updated to the latest macOS are still vulnerable.
lapcat·vor 4 Jahren
> This is old news, right?

The article is from July 2.

> Did they not change this yet?

First line of the article: "patched in macOS 12.4 / iOS 15.5"