This issue is addressed by sandboxing apps. An app may be able to access another app’s data. This issue is fixed in macOS Mojave 10.14.3, iOS 12.3, watchOS 5.2 and tvOS 12. An app in the foreground may be able to disable lock screen.

An app may be able to disable the lock screen and other security features of the device. This issue is fixed in macOS Mojave 10.14.2, iOS 12, watchOS 5 and tvOS 12. An app may be able to elevate privileges.
This issue is fixed in macOS High Sierra 10.13.6, iOS 12.3, and watchOS 5.2. An app may be able to bypass the code signing process. This issue is fixed in macOS High Sierra 10.13.4, iOS 12. An app may be able to launch privileged code.
An app may be able to launch privileged code without any user interaction. This issue is fixed in macOS High Sierra 10.13. An app may be able to bypass the code signing process.
An app may be able to bypass the code signing process. An app may be able to elevate privileges. An app may be able to launch privileged code.

What is the macOS Code Signing Requirement?

Apple requires that all apps submitted to the Mac App Store and identified as containing code signed by a valid Apple Developer Certificate must be code signed. The macOS Code Signing requirement applies to all software that runs on OS X, including but not limited to:
Apps distributed through the Mac App Store
Apps distributed outside of the Mac App Store via other channels
Native apps running in an app container (e.g., using Xcode Storyboards)
The macOS Code Signing requirement is enforced for all apps submitted to the Mac App Store or identified as containing code signed by a valid Apple Developer Certificate. This means that if your app uses a self-signed certificate, it will not be accepted into the Mac App Store, and you will need to submit your app again with a valid Apple Developer Certificate.

Timeline

Published on: 09/20/2022 21:15:00 UTC
Last modified on: 09/22/2022 16:36:00 UTC

References