Researcher finds exploit to bypass OS X’s Gatekeeper security

researcher finds exploit to bypass os xs gatekeeper security apple macbook pro 13 ret 2015 lidlogo
Bill Roberson/Digital Trends
There’s an old myth that Macs are invulnerable to malware.  This was never really the case, and is certainly quite false today — as evidenced by a new exploit discovered by researchers that could render the operating system’s Gatekeeper security package.

First introduced in 2012, Gatekeeper is Apple’s proprietary method of keeping Macs safe and secure. It’s a handy, pre-installed program that can differentiate between legitimate programs and applications that have been tampered with, as well as helping users steer clear of nuisance software like Trojans and key-loggers.

However, a security researcher has now found a simple method of counteracting the program and bypassing its defences, according to a report from Ars Technica. This exploit uses a trusted binary file to avoid the program’s security measures, which allows for malicious code housed in the same folder to run successfully following the check.

The site spoke to Patrick Wardle, director of research for security firm Synack, who stated that this is a problem with the very design of Gatekeeper. The validity of the application is the only thing that the program checks, so if that’s given the OK, other code can run relatively easily.

Wardle goes on to suggest that the exploit can be carried out simply by downloading a widely available binary, renaming it, and then pairing it with the desired malicious code rather than its typical partner. This information has already been submitted to Apple, and it’s under the company’s request that the specific binary goes unnamed.

A representative of Apple has confirmed that a patch in in development by the company, although at present there’s no timeline on when it will be made available to users. Wardle will present his findings this week at the Virus Bulletin Conference in Prague.

Gaming

‘Fortnite’ security flaw let hackers spy on players through microphones

A security vulnerability found in Fortnite allowed hackers to gain access to other players' accounts, potentially letting them spy on conversations using the in-game microphone. It has been addressed.
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Computing

Microsoft will end support for Windows 7 one year from now

Microsoft is set to end extended support for Windows 7 on January 14, 2020, putting a halt on the free bug fixes, and security patches for most who have the operating system installed. 
Mobile

Yubico has a new Lightning-based YubiKey to lock down your iOS devices

Yubioco announced at CES 2019 that received approval for a Lightning key that is currently in private testing, which means there will soon be a safe and secure way to use a physical security key with your iOS device.
Mobile

If you're looking for a good laugh, here are 70 questions to ask Siri

Siri has come a long way since her first appearance on the iPhone 4S in 2011. We know she can make appointments and give directions, did you know she can make you laugh too? If you want proof, here are lots of funny questions to ask Siri.
Deals

Save over $350 on the Refurbished iPad 4 for a limited time

Looking to buy an iPad without having to pay that iPad price? For a limited time, you can pick up a refurbished iPad 4 for as low as $137. That's $363 less than you would pay for something brand new.
Movies & TV

Apple’s first original feature film reunites Bill Murray, Sofia Coppola

The Lost in Translation team of Sofia Coppola and Bill Murray will reunite with their A Very Murray Christmas collaborator Rashida Jones for On the Rocks, Apple and studio A24's first official feature together.
Mobile

We tried all the latest and greatest smartphones to find the best of 2019

Smartphones are perhaps the most important and personal piece of tech on the planet. That’s why it’s important to pick the best phone for your individual needs. Here are the best smartphones you can buy.
Mobile

On a budget? We found the best affordable smartphones you can buy

Here are the best cheap phones for anyone working with a tight budget, whether you're a fan of stock Android or marathon battery life. Find out what you can get for under $500 or far, far less as we round up the best budget smartphones.
Mobile

Apple’s iPhone battery offer was reportedly way more popular than expected

As many as 11 million iPhone owners reportedly made use of Apple's cheaper battery replacement offer that launched in 2018 in response to the iPhone throttling debacle — some 10 times more than the company had apparently expected.
Mobile

Unleash your inner artist with the best drawing apps for the iPad Pro

The best drawing apps for the iPad Pro turn Apple's robust tablet into a canvas worthy of a true artist. Here are 20 of our current favorites, whether you're looking to keep things simple or take your art to the next level.
Computing

Should you buy the affordable MacBook Air, or is the MacBook Pro worth the price?

Though they both share Retina Displays and similar keyboards, there are still some specs differences and other changes that differentiate the new 2018 MacBook Air and MacBook Pro. In this guide, we stack the two up against each other.
Mobile

C you soon? Rumors swirl of a USB-C port on 2019 iPhones

While it's not been long since the last iPhones launched, rumors for the next iPhone are already surfacing. Apple's 2019 flagship could include a variety of upgrades ranging from a new design to enhanced features.
Mobile

Biometric phone unlocks can’t be forced by feds, says U.S. judge

Fingerprint and face unlocks used to not be protected by the Fifth Amendment, but that may soon change. A judge in California has ruled biometric unlocking methods of all kinds are protected in the same way as passcodes.