CVE-2018-10406

Name of the Vulnerable Software and Affected Versions: Yelp OSXCollector (affected versions not specified)

Description: A maliciously crafted Universal/fat binary can evade third-party code signing checks in Yelp OSXCollector. This occurs because the tool does not complete a full inspection of the Universal/fat binary, leading to the execution of malicious unsigned code. The user of the third-party tool may mistakenly believe the code is signed by Apple.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.