Isn't this basically "working as intended"?<p>Gatekeeper is not meant to eliminate security bugs in third party applications: Anyone can sign anything, there's no review of your code by Apple. But if your app turns out to be malicious, Apple can revoke your certificate and now it's blocked.<p>In this case, the relevant app isn't malicious, but it will run arbitrary unsigned code that happens to be sitting next to it in its directory. It could just as well do something stupid like opening up an unprotected port and accepting shell commands.<p>It's up to Apple to decide whether this flaw is egregious enough to add the developer to the CRL.<p>The article implies they're investigating other mitigation strategies. I suppose there are options to block this particular scenario, but overall I can't see how they can ensure that developer-signed code is vulnerability-free.