Researcher finds exploit to bypass OS X’s Gatekeeper security

researcher finds exploit to bypass os xs gatekeeper security apple macbook pro 13 ret 2015 lidlogo
Bill Roberson/Digital Trends

There’s an old myth that Macs are invulnerable to malware.  This was never really the case, and is certainly quite false today — as evidenced by a new exploit discovered by researchers that could render the operating system’s Gatekeeper security package.

First introduced in 2012, Gatekeeper is Apple’s proprietary method of keeping Macs safe and secure. It’s a handy, pre-installed program that can differentiate between legitimate programs and applications that have been tampered with, as well as helping users steer clear of nuisance software like Trojans and key-loggers.

However, a security researcher has now found a simple method of counteracting the program and bypassing its defences, according to a report from Ars Technica. This exploit uses a trusted binary file to avoid the program’s security measures, which allows for malicious code housed in the same folder to run successfully following the check.

The site spoke to Patrick Wardle, director of research for security firm Synack, who stated that this is a problem with the very design of Gatekeeper. The validity of the application is the only thing that the program checks, so if that’s given the OK, other code can run relatively easily.

Wardle goes on to suggest that the exploit can be carried out simply by downloading a widely available binary, renaming it, and then pairing it with the desired malicious code rather than its typical partner. This information has already been submitted to Apple, and it’s under the company’s request that the specific binary goes unnamed.

A representative of Apple has confirmed that a patch in in development by the company, although at present there’s no timeline on when it will be made available to users. Wardle will present his findings this week at the Virus Bulletin Conference in Prague.