|
Title: Gatekeeper flaw remains exploitable four months after its discovery Post by: HCK on January 16, 2016, 09:00:14 am Gatekeeper flaw remains exploitable four months after its discovery
<article> <section class="page"> <p> A security researcher says flaws in Apple’s Gatekeeper application validation system remain available to exploit, despite Apple patching some vectors he disclosed on September 30 (http://www.macworld.com/article/2988059/security/gatekeeper-bypass-in-os-x-relies-on-renaming-an-app.html) in security updates released in November and December.</p><p> “It took me literally five minutes to completely bypass,” says Patrick Wardle, director of research at Synack. He’s not just talking about the problem: He’s also released a tool to block the unpatched pathways to exploitation. To make use of this flaw, a legitimate app has to be modified by a malicious party and then distributed or swapped in when a user thinks the correct package is being downloaded. That said, it remains a reasonable concern.</p><p class="jumpTag"><a href="/article/3022917/macs/gatekeeper-flaw-remains-exploitable-four-months-after-its-discovery.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article> Source: Gatekeeper flaw remains exploitable four months after its discovery (http://www.macworld.com/article/3022917/macs/gatekeeper-flaw-remains-exploitable-four-months-after-its-discovery.html#tk.rss_all) |