PT-2018-9868 · Objective-See · LuLu +4
Author: Josh Pitts
Published: 2018-06-13 · Updated: 2019-10-03
CVE-2018-10404
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Objective-See KnockKnock (affected versions not specified)
Objective-See LuLu (affected versions not specified)
Objective-See TaskExplorer (affected versions not specified)
Objective-See WhatsYourSign (affected versions not specified)
Objective-See procInfo (affected versions not specified)
Description:
A maliciously crafted Universal/fat binary can evade third-party code signing checks, allowing unsigned code to execute. This occurs because the third-party tool does not fully inspect the Universal/fat binary: it checks only part of the file rather than every architecture slice it contains, so the user is led to believe that the whole binary is signed by Apple.
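The defensive point of the description above is that a check which stops after one slice of a fat binary says nothing about the other slices. The following added example (written for this page, not code from Objective-See or from any of the affected tools) parses the fat header, walks the load commands of every slice and reports which slices carry an LC_CODE_SIGNATURE load command, contrasting a first-slice-only check with a full inspection. The sample fat binaries are constructed inline. Note the caveat: the presence of a signature load command is only a structural precondition; a real tool must still validate the signature of each slice with the macOS code signing APIs.

```python
"""Enumerate every architecture slice of a Mach-O Universal/fat binary and
report which slices carry a code-signature load command (constructed example)."""
import struct

FAT_MAGIC = 0xCAFEBABE          # fat header magic, always big-endian on disk
MH_MAGIC_64 = 0xFEEDFACF        # 64-bit Mach-O header magic
LC_CODE_SIGNATURE = 0x1D        # load command pointing at the signature blob
LC_UUID = 0x1B                  # some other load command, used as filler below
X86_64, ARM64 = 0x01000007, 0x0100000C
CPU_NAMES = {X86_64: "x86_64", ARM64: "arm64", 0x00000007: "i386"}


def fat_slices(data: bytes):
    """Return [(cputype, offset, size)] for every slice of a fat binary.
    A thin Mach-O image is returned as one slice spanning the whole file."""
    if len(data) < 8:
        raise ValueError("file too small to be Mach-O")
    magic, = struct.unpack(">I", data[:4])
    if magic != FAT_MAGIC:
        return [(None, 0, len(data))]
    nfat_arch, = struct.unpack(">I", data[4:8])
    slices = []
    for i in range(nfat_arch):
        entry = data[8 + 20 * i: 8 + 20 * (i + 1)]
        if len(entry) < 20:
            raise ValueError("truncated fat_arch table")
        cputype, _sub, offset, size, _align = struct.unpack(">IIIII", entry)
        if offset + size > len(data):
            raise ValueError(f"slice {i} extends past end of file")
        slices.append((cputype, offset, size))
    return slices


def slice_has_code_signature(data: bytes, offset: int, size: int) -> bool:
    """Walk the load commands of one Mach-O slice looking for LC_CODE_SIGNATURE."""
    blob = data[offset: offset + size]
    # Header fields are in the slice's own byte order; the magic tells us which.
    layouts = {b"\xcf\xfa\xed\xfe": ("<", 32), b"\xce\xfa\xed\xfe": ("<", 28),
               b"\xfe\xed\xfa\xcf": (">", 32), b"\xfe\xed\xfa\xce": (">", 28)}
    if blob[:4] not in layouts:
        raise ValueError("slice is not a Mach-O image")
    endian, header_len = layouts[blob[:4]]
    ncmds, sizeofcmds = struct.unpack(endian + "II", blob[16:24])
    pos, end = header_len, header_len + sizeofcmds
    for _ in range(ncmds):
        if pos + 8 > min(end, len(blob)):
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack(endian + "II", blob[pos:pos + 8])
        if cmdsize < 8:
            raise ValueError("malformed load command")
        if cmd == LC_CODE_SIGNATURE:
            return True
        pos += cmdsize
    return False


def first_slice_signed(data: bytes) -> bool:
    """The incomplete check: looks at the first slice only and stops."""
    _cpu, offset, size = fat_slices(data)[0]
    return slice_has_code_signature(data, offset, size)


def audit_slices(data: bytes) -> dict:
    """Full inspection: a separate verdict for every slice in the container."""
    report = {}
    for idx, (cputype, offset, size) in enumerate(fat_slices(data)):
        name = "thin" if cputype is None else CPU_NAMES.get(cputype, hex(cputype))
        report[f"{idx}:{name}"] = slice_has_code_signature(data, offset, size)
    return report


def all_slices_signed(data: bytes) -> bool:
    return all(audit_slices(data).values())


def build_slice(cputype: int, signed: bool) -> bytes:
    """Construct a minimal 64-bit Mach-O image with exactly one load command."""
    if signed:   # linkedit_data_command: cmd, cmdsize, dataoff, datasize
        cmd = struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 64, 0)
    else:        # LC_UUID: cmd, cmdsize, 16-byte uuid
        cmd = struct.pack("<II", LC_UUID, 24) + b"\x00" * 16
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 3, 2, 1, len(cmd), 0, 0) + cmd


def build_fat(images) -> bytes:
    """Construct a fat container with each slice aligned to 4 KiB."""
    table_end = 8 + 20 * len(images)
    header, table, body, offset = struct.pack(">II", FAT_MAGIC, len(images)), b"", b"", table_end
    for cputype, image in images:
        offset = (offset + 4095) & ~4095
        table += struct.pack(">IIIII", cputype, 3, offset, len(image), 12)
        body += b"\x00" * (offset - table_end - len(body)) + image
        offset += len(image)
    return header + table + body


# Constructed samples: a signed x86_64 slice followed by an unsigned arm64 slice,
# and a container in which both slices are signed.
MIXED_FAT = build_fat([(X86_64, build_slice(X86_64, True)), (ARM64, build_slice(ARM64, False))])
CLEAN_FAT = build_fat([(X86_64, build_slice(X86_64, True)), (ARM64, build_slice(ARM64, True))])

if __name__ == "__main__":
    print("first slice only:", first_slice_signed(MIXED_FAT))   # True: misleading
    print("every slice:     ", audit_slices(MIXED_FAT))         # arm64 slice unsigned
```

On the mixed container the first-slice check returns True while the full audit flags the second slice, which is exactly the gap described above. A production check would go one step further and run the platform's signature validation against each slice rather than trusting the load-command table.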
Recommendations:
For each affected Objective-See tool (KnockKnock, LuLu, TaskExplorer, WhatsYourSign, procInfo), implement full inspection of Universal/fat binaries so that every architecture slice is checked, preventing evasion of code signing checks.
Weakness Enumeration: Improper Certificate Validation
Related Identifiers: CVE-2018-10404
Affected Products: KnockKnock, LuLu, TaskExplorer, WhatsYourSign, procInfo