The vulnerability stems from incomplete code-signing validation of Universal (fat) binaries. GitHub pull request #160 removes the 'signature_chain' references, indicating that this function was part of the flawed validation logic. Third-party analysis (Okta blog) confirms the root cause: the code did not validate every architecture in the fat binary, which requires calling SecCodeCheckValidity with the proper flags (kSecCSCheckAllArchitectures). The function's removal in the patch suggests it was central to the improper certificate validation described by CWE-295.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| osxcollector | pip | < 1.10 | 1.10 |
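As an added illustration (not OSXCollector's code or the patch), the following Python parses a Universal (fat) Mach-O header into its architecture slices and contrasts a check that inspects only the first slice with one that, like kSecCSCheckAllArchitectures, requires every slice to pass. The sample file bytes and the toy_slice_is_signed stand-in for a real per-slice signature check are constructed for this example.

```python
import struct
from typing import Callable, List, NamedTuple

FAT_MAGIC = 0xCAFEBABE   # big-endian magic that opens a Universal (fat) Mach-O file
FAT_ARCH_FMT = ">IIIII"  # struct fat_arch: cputype, cpusubtype, offset, size, align

class FatSlice(NamedTuple):
    cputype: int
    cpusubtype: int
    offset: int
    size: int

def parse_fat_slices(data: bytes) -> List[FatSlice]:
    """Enumerate every architecture slice in a fat header; ValueError if malformed."""
    if len(data) < 8 or struct.unpack(">I", data[:4])[0] != FAT_MAGIC:
        raise ValueError("not a fat binary")
    nfat_arch = struct.unpack(">I", data[4:8])[0]
    if len(data) < 8 + nfat_arch * 20:
        raise ValueError("fat header truncated")
    slices = []
    for i in range(nfat_arch):
        cputype, cpusubtype, offset, size, _align = struct.unpack(
            FAT_ARCH_FMT, data[8 + i * 20:28 + i * 20])
        if offset + size > len(data):  # every slice must lie inside the file
            raise ValueError(f"slice {i} extends past end of file")
        slices.append(FatSlice(cputype, cpusubtype, offset, size))
    return slices

def first_slice_only_valid(data: bytes, validate_slice: Callable[[bytes], bool]) -> bool:
    """Flawed pattern: only the first slice is checked, so an unsigned second slice is accepted."""
    s = parse_fat_slices(data)[0]
    return validate_slice(data[s.offset:s.offset + s.size])

def all_slices_valid(data: bytes, validate_slice: Callable[[bytes], bool]) -> bool:
    """Hardened pattern, mirroring kSecCSCheckAllArchitectures: every slice must pass."""
    slices = parse_fat_slices(data)
    return bool(slices) and all(validate_slice(data[s.offset:s.offset + s.size]) for s in slices)

def toy_slice_is_signed(blob: bytes) -> bool:
    """Constructed stand-in for a real per-slice signature check (not a Security.framework call)."""
    return blob.startswith(b"GOOD")

# Constructed sample: the x86_64 slice (CPU_TYPE_X86_64) passes the toy check, the arm64 slice does not.
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(FAT_ARCH_FMT, 0x01000007, 3, 48, 8, 12)  # x86_64 slice at offset 48
              + struct.pack(FAT_ARCH_FMT, 0x0100000C, 0, 56, 8, 12)  # arm64 slice at offset 56
              + b"GOODAAAA" + b"BADBBBBB")
```

On the sample, the first-slice-only check accepts the file while the all-slices check rejects it; on macOS the real check is SecCodeCheckValidity (or SecStaticCodeCheckValidity) with kSecCSCheckAllArchitectures set.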