A years-old vulnerability has been discovered in the way several security products for Mac implement Apple’s code-signing API that could make it easier for malicious programs to bypass the security check. The vulnerability is not a vulnerability in MacOS itself but a flaw in how third-party security tools implemented Apple’s Code Signing API when dealing with Mac’s executable files called Universal/Fat files. The exploitation of the vulnerability requires an attacker to use Universal or Fat binary format, which contains several Mach-O files (executable, dyld, or bundle)
Source: https://thehackernews.com/2018/06/apple-mac-code-signing.html