My Sierra MacOS agrees to run a signed executable that has been tampered. I checked the file using:
codesign --verify (...)
And got:
invalid signature (code or signature have been modified) (...)
The tampered app worked correctly in both "App Store" and "App Store and identified developers" settings.
This means that anyone can take a signed app and implant a virus before spreading it worldwide.
Am I missing something?
Thanks,
Gil.
codesign --verify (...)
And got:
invalid signature (code or signature have been modified) (...)
The tampered app worked correctly in both "App Store" and "App Store and identified developers" settings.
This means that anyone can take a signed app and implant a virus before spreading it worldwide.
Am I missing something?
Thanks,
Gil.
