Author Topic: New Mac Exploit Easily Bypasses Gatekeeper Security, Could Allow Installation of Malicious Apps  (Read 616 times)
HCK



« on: October 02, 2015, 03:00:09 am »

New Mac Exploit Easily Bypasses Gatekeeper Security, Could Allow Installation of Malicious Apps

Apple introduced Gatekeeper in 2012, creating it as a method of protection for users against malicious threats by adding various layers of security during installation of Mac apps. The feature is intended to ensure that apps users try to install on their Macs are legitimate and signed by a registered developer, minimizing the threat of malware. But now, a security researcher has discovered a simple method of bypassing Gatekeeper using a binary file already trusted by Apple to attack a user's computer (via Ars Technica).
 
Gatekeeper is meant solely to check the initial digital certificate when an app is downloaded on a Mac, ensuring that the program has been signed by an Apple-approved developer or at least comes from the Mac App Store itself before allowing the installation to proceed.

"If the application is valid—so it was signed by a developer ID or was (downloaded) from the Mac App Store—Gatekeeper basically says 'OK, I'm going to let this run,' and then Gatekeeper essentially exits," Patrick Wardle, director of research of security firm Synack, told Ars. "It doesn't monitor what that application is doing. If that application turns around and either loads or executes other content from the same directory... Gatekeeper does not examine those files."

Even with Gatekeeper set to its highest security setting, the new exploit can still compromise a computer. Once the trusted file makes its way past Gatekeeper, it can execute a handful of other malicious programs bundled with the rest of the installation, gaining the ability to install malicious software such as password-stealing programs, apps that can capture audio and video from a Mac's camera, and botnet software.
 
 The researcher who discovered the exploit sent news of it to Apple about 60 days ago and "believes they are working on a way to fix the underlying cause or at least lessen the damage it can do to end users." Since then, an Apple spokesperson has confirmed the company is working on a patch for the issue and has asked that the identities of the specific files used in the exploit not be disclosed. Wardle plans to showcase his research on the Gatekeeper exploit at the Virus Bulletin Conference on Thursday in Prague.
 
 

Source: New Mac Exploit Easily Bypasses Gatekeeper Security, Could Allow Installation of Malicious Apps
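
The gap described in the article is that files sitting next to a signed app are never examined. As an added example (not from the article, the researcher or Apple), this Python code lists executable content in a download that lies outside any `.app` bundle so it can be reviewed separately; the function names, the sample tree and the rule of skipping bundle contents are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Mach-O magics (thin 32/64-bit, both byte orders, plus fat); 0xCAFEBABE is shared with Java class files.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE, 0xBEBAFECA}


def executable_kind(path):
    """Return 'mach-o', 'script' or None based on the first bytes of the file."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head[:2] == b"#!":
        return "script"
    if len(head) == 4 and int.from_bytes(head, "big") in MACHO_MAGICS:
        return "mach-o"
    return None


def loose_executables(root):
    """List executable content under root that is not inside any .app bundle."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Assumption: bundle contents are checked together with the bundle, so skip them.
        dirnames[:] = [d for d in dirnames if not d.endswith(".app")]
        for name in filenames:
            full = os.path.join(dirpath, name)
            kind = executable_kind(full)
            if kind:
                findings.append((os.path.relpath(full, root), kind))
    return sorted(findings)


def demo():
    """Build a constructed sample download in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        macho = b"\xcf\xfa\xed\xfe" + b"\x00" * 28  # constructed header stub, not a real binary
        files = {
            "Sample.app/Contents/MacOS/Sample": macho,
            "helper": macho,
            "support/setup.sh": b"#!/bin/sh\necho hi\n",
            "README.txt": b"constructed sample\n",
        }
        for rel, data in files.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return loose_executables(root)
```

On macOS, each reported path can then be checked on its own, for instance with `codesign --verify`.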