Skip to main content
  1. Home
  2. Computing
  3. News

Mac malware: researcher shows Gatekeeper flaw just plastered over, not repaired

Justin Pot
By

researcher finds exploit to bypass os xs gatekeeper security apple macbook pro 13 ret 2015 lidlogo
Bill Roberson/Digital Trends
A flaw in Apple’s Gatekeeper security feature isn’t fixed, according to the security researcher who found it. Turns out Apple wasn’t fully patching holes, just blocking specific bits of malware from getting through.

“Even on a fully-patched OS X 10.11.2 system, Gatekeeper is trivial to bypass,” wrote Parick Wardle, who first revealed the flaw, in a blog post demonstrating that it is very much still there. A video shows a man-in-the-middle attack, injecting malware into an unencrypted download of Kaspersky Internet Security for Mac. The malware installed alongside the security software.

Recommended Videos

Gatekeeper is an OS X security feature that, by default, blocks all applications but those downloaded from the Mac App Store, or (optionally) apps from “identified developers.” The idea here is to block malware on Macs: only software developers Apple has approved can get software running on the platform.

Related

But Wardle found a workaround last year. To simplify, an authorized program — such as Kasperskey — is modified to launch a bit of malware when opened. If that malware happens to be in the same folder as the authorized app, it will launch.

Apple seemingly patched the problem in December, but when Wardle reverse-engineered the patch he found it wasn’t comprehensive. Apple had blacklisted the tools Wardle used to bypass Gatekeeper, but hadn’t solved the underlying issue — meaning would-be malware makers needed only to find new tools.

Wardle has been in touch with Apple’s security team, Engadget reports, and says a comprehensive fix is on the way.

And Wardle is working on a fix of his own. “I’ll be releasing a personal tool that can generically thwart such attacks, protecting OS X users,” he wrote in his blog post.

Until one or both of these fixes come online, users can stay safe by sticking only to downloading apps from the Mac App Store or trusted sites that are using HTTPS encryption. That’s probably a good idea even after this problem is patched.

Editors' Recommendations

Topics
Justin Pot
Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
Beware — even Mac open-source apps can contain malware
A pair of glasses rests on a desk in front of multiple computer monitors filled with code.

Installing apps on a Mac is generally considered to be safer than doing so on Windows and open-source software is usually benign but there are exceptions to both of these assumptions that can do untold damage to your privacy and security.

A recent discovery by Trend Micro provides a startling example of this risk. An open-source app designed to help Mac owners with iPhone and iPad app signing has been altered to include a nasty hack that steals your Apple Keychain data. The original app is called ResignTool and it’s available for free on the popular open-source site, GitHub. The app is six years old and both the code and the ready-to-run app can be downloaded from GitHub. That isn’t the problem.

Read more
Apple Security Research website launches to protect your Mac
Apple Seurity Research website has resources for bug bounty hunters.

Apple just launched a new website that's dedicated to macOS and iOS security and there are already two blog posts that provide examples of what to expect, one providing a deep dive into memory allocation within the XNU kernel at the heart of all Apple devices, and another discussing the improved security bounty process.

The new website will undoubtedly become a critical resource for Apple security researchers, both providing information and serving as a hub for submitting bounties. The Apple Security Research website is also where you can apply for an official Apple Security Research Device (SRD) to help with identifying vulnerabilities by providing special access to what are normally protected areas of iOS.

Read more
Update your Mac now to patch this crucial security flaw
The MacBook Air on a table in front of a window.

Apple just released another critical security update with the zero-day fixes appearing in MacOS Monterey 12.6 and Big Sur 11.7. The vulnerability even affects the iPhone and iPad, requiring an update to iOS 15.7 and iPadOS 15.7 to protect these devices.

This is the eighth zero-day this year, putting Apple on track to beat last year's unfortunate record of 12 zero-day flaws.

Read more