Gatekeeper flaw remains exploitable four months after its discovery<article>
<section class="page">
<p>
A security researcher says flaws in Apple’s Gatekeeper application validation system remain available to exploit, despite Apple patching some vectors
he disclosed on September 30 in security updates released in November and December.</p><p>
“It took me literally five minutes to completely bypass,” says Patrick Wardle, director of research at Synack. He’s not just talking about the problem: He’s also released a tool to block the unpatched pathways to exploitation. To make use of this flaw, a legitimate app has to be modified by a malicious party and then distributed or swapped in when a user thinks the correct package is being downloaded. That said, it remains a reasonable concern.</p><p class="jumpTag"><a href="/article/3022917/macs/gatekeeper-flaw-remains-exploitable-four-months-after-its-discovery.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>
Source:
Gatekeeper flaw remains exploitable four months after its discovery
