MacOS will execute anything you ask it to. The normal ways for running programs (like double clicking on them in Finder) causes a (presumably non-buggy) code signature check to run on them, but there are certainly ways of executing programs that bypass this user-facing warning (like running ./Bundle.app/Contents/MacOS/Bundle in a terminal).
The bug described in the article says that some third-party code signature validation methods were flawed and didn't properly detect unsigned code that the third-party programs would then execute.
The bug described in the article says that some third-party code signature validation methods were flawed and didn't properly detect unsigned code that the third-party programs would then execute.