You must log in or # to comment.
Could Apple not then revoke their certificate, preventing any future occurrences?
Yes, and additionally if I’m reading this correctly, this attack would only work for people whose security settings are to run any signed code from trusted developers. One of the standard options is trusting only App Store distributed code for which this attack would not work