Terraform 0.13.5 being flagged as malicious on macOS

Did a code signing certificate expire? Attempting to run terraform 0.13.5 locally this morning shows this friendly warning:

It doesn’t appear to be an issue for newer versions of terraform, so finally get upgrading, but posting here as I haven’t seen anyone else report the issue.

In my case terraform was installed by tfenv and has been working happily for a while. I’ve uploaded the binary to virus total and its come back clean.

This was announced on this forum: HCSEC-2023-01 - HashiCorp Response to CircleCI Security Alert - #4 by jfinnigan


@hazmeister If your code signing certificate validity must have got expired, the system showing you a warning alert indicating “terraform 0.13.5” belongs to an unknown source and hence preventing you to run it on your machine…

Alongside you may check for missing iOS code signing certificate and private key errors if your system is unable to detect the same using an easy step iOS Code Signing Guide

MaxB understood the issue- in the aftermath of the Circle CI compromise they’ve revoked their old very and republished their osx applications. Reinstalling using tfenv got me going again.