Conversation

I did! pretty much as soon as I found the bug🐛 ...along with a detailed description and even PoC exploit code 😥 twitter.com/tomjirinec/sta

This Tweet is unavailable.

7:08 PM · Sep 25, 2017

Then I’m definitely waiting for a 0.1 fix for this before installing 😒

adventsol_co_uk

@adventsol_co_uk

Sep 25, 2017

Is it only High Sierra, or all previous versions?

Ataraxie

@mos8580

Sep 25, 2017

Thanks for clarifying, I didn’t get that impression from “High Sierra 0-day”. Not an infosec person, just worried about privacy…

MojoSoDope

@MastermindsMind

Sep 25, 2017

A bug bounty program is absolutely necessary. No way around...

Lorenzo FB … AFK

@lorenzofb

Sep 26, 2017

Maybe if you stopped hacking Macs we wouldn't realize they aren't as secure as they tell us

Discover more

Sourced from across Twitter

Patrick Wardle

@patrickwardle

The

@3CX

supply chain attack resulted in trojanized installers signed w/

@3CX

's Dev ID which were then naively notarized by

@Apple

🤦🏻‍♂️ TIL, Apple did not revoke

@3CX

's signing cert just the notarization ticket of the installer(s) 👀 So technically they're still validly signed 🔐

And speaking of the

supply chain attack, I'm stoked at the opportunity to talk more about this at

@BlackHatEvents

🤩 Specifically diving into the technical details of the three unique macOS payloads used in what many are calling the first "chained" supply chain attack🍎🐛🐛

Quote Tweet

Patrick Wardle

@patrickwardle

The @3CX supply chain attack resulted in trojanized installers signed w/ @3CX's Dev ID which were then naively notarized by @Apple

TIL, Apple did not revoke @3CX's signing cert just the notarization ticket of the installer(s)

So technically they're still validly signed

Show this thread