The vulnerability resides in how third-party vendors such as Google and Facebook checks the signed code to verify the integrity of the file. Affected vendors are Google, LittleSnitch, F-Secure-xFence, Yelp OSXCollector, VirusTotal, Carbon Black. The vulnerability went unnoticed for years and there is no evidence of this vulnerability being abused. The code signing API verifies the first binary in the Fat/Universal file to see who signs the executable without passing the flags SecRequirementRef, SecCSFlags, and SecCodeCheckValidity. The malicious binary must be adhoc signed and i386 compiled for an x86_64 bit target.”]
Source: https://gbhackers.com/macos-signature-validation-flaw/