Based on the update to the article that dak1 mentioned¹, I’d say that’s actually incorrect:
“Apple issued a new, stronger (SHA-2) Mac App Store certificate in September, before the older (SHA-1) one expired, as planned. The new Mac App Store certificate was using the current, strong SHA-2 algorithm. However, some apps were running receipt validation code using very old versions of OpenSSL that don’t support SHA-2.
OpenSSL started supporting SHA-2 in 2005, which is why Apple didn’t foresee this issue.”
Since I seriously doubt any of Apple's apps would be using the older SHA-1 certificate, this probably only affected third-party apps.
――――――
¹ — https://news.ycombinator.com/item?id=10561748