Important tools for keeping malicious software off Macs could have been tricked, cybersecurity firm Okta said in research made public Tuesday.
Okta researchers examined several whitelisting services that scan files for Mac computers and discovered that the tools could allow bad code to skate by and look like it had been cleared by Apple.
“The impact is that I can take malicious code and make it look like it’s signed by Apple itself,” said Josh Pitts, Okta’s senior penetration testing engineer.
The tools, which are made by third parties and not Apple, can give peace of mind to savvy computer users and forensic cybersecurity experts by greenlighting files that are clearly legitimate. That’s important, because even though malicious software designed tois less common than nastiness aimed at Windows computers, Mac malware is real.
The tools are provided by major tech companies such as Facebook, Google and Yelp,