GettyAppleInsider reports that a vulnerability first disclosed to Apple three months ago remains unpatched and now the security researcher who found it has gone public. Filippo Cavallarin has published details of how the vulnerability enables a user to be tricked into running malicious applications, bypassing the Gatekeeper function in the process. Gatekeeper is the Apple mechanism that has, since 2012, been enforcing the code signing and verification of application downloads. According to Cavallarin, he contacted Apple February 22 and the vendor is aware of the issue. Cavallarin suggests a possible workaround of disabling automount, but it certainly isn't for non-technical Apple Mac users.

Source: Forbes May 26, 2019 11:03 UTC