Author Topic: Gatekeeper bypass in OS X relies on renaming an app  (Read 751 times)
HCK



« on: October 03, 2015, 03:00:12 am »

Gatekeeper bypass in OS X relies on renaming an app

<article>
   <section class="page">
<p>A researcher has discovered a flaw in the OS X Gatekeeper setting that restricts app launching to software cryptographically signed by Apple, or by either Apple or third-party developers: a signed app can access other software or components that have been replaced with malware, without a separate verification stage.</p>
<p>“Gatekeeper only verifies that first application,” says Patrick Wardle, the director of research at enterprise research firm Synack. That means a malicious party can swap out a dynamic software library, a command-line executable (such as a script), or another app with a same-named version. In his testing, Wardle found that a signed Photoshop installer would load plug-ins from another directory that were changed out for malware without any further notification. He also tested with an Apple-distributed program that he declined to disclose at Apple’s request.</p>
</section></article>

Source: Gatekeeper bypass in OS X relies on renaming an app