I Can Be Apple, and So Can You presented at DerbyConVIIIEvolution 2018

by Josh Pitts,

Summary : Cryptographic verification of executables is a core security feature that many third-party developers and security personnel have learned to trust. During this talk, the speaker will cover the most recent Apple code signing bug that was found to affect everyone that uses Apple’s documented APIs for conducting code signing checks of signed applications. This will include the methodology for finding the issue, the reporting process, working with vendors, and a path forward for organizations that use Apple code signing as a measure of trust.