Published in News

Apple's security is broken again

27 April 2021


By something really dumb


While the Tame Apple Press continues to insist that Jobs' Mob's security is the best in the world, it turns out a newly discovered vulnerability broke through most of macOS' newer security protections with a double-click of a malicious app.

Apparently, the security experts at Apple did not believe that this was possible and, more to the point, when the outfit was warned about the issue it dragged its feet and did not fix it.

Apple's inaction allowed a notorious family of Mac malware to exploit the vulnerability for months before the issue was patched.

Over the years, Macs have adapted to catch the most common types of malware by putting technical obstacles in their way. macOS flags potentially malicious apps masquerading as documents that have been downloaded from the internet. And if macOS hasn't reviewed the app -- a process Apple calls notarisation -- or if it doesn't recognise its developer, the app won't be allowed to run without user intervention.

But security researcher Cedric Owens said the bug he found in mid-March bypasses those checks and allows a malicious app to run. Owens said that the bug allowed him to build a potentially malicious app that looks like a harmless document and, when opened, bypasses macOS' built-in defences.

"All the user would need to do is double click -- and no macOS prompts or warnings are generated", he said.

Owens built a proof-of-concept app disguised as a harmless document that exploits the bug to launch the Calculator app, a way of demonstrating that the bug works without dropping malware.

But a malicious attacker could exploit this vulnerability to remotely access a user's sensitive data simply by tricking a victim into opening a spoofed document, he explained.

Last modified on 27 April 2021