Tenable Research found security issues related to macOS app installers, and they can be used to bypass default Mac security protections. So far, Apple hasn’t fixed it (emphasis mine).
Frustrated by the prevalence of these issues, we decided to write them up and make separate reports to both Apple and Microsoft. We wrote to Apple to recommend implementing a fix similar to what they did for CVE-2020–9817 and explained the additional LPE mechanism discovered.
We wrote to Microsoft to recommend a fix for the flaw in their installer. Both companies have rejected these submissions and suggestions.
Check It Out: How to Get Around macOS Security Using App Installers