Mac malware: researcher shows Gatekeeper flaw just plastered over, not repaired

A flaw in Apple’s Gatekeeper security feature isn’t fixed, according to the security researcher who found it. Turns out Apple wasn’t fully patching holes, just blocking specific bits of malware from getting through.

“Even on a fully-patched OS X 10.11.2 system, Gatekeeper is trivial to bypass,” wrote Patrick Wardle, who first revealed the flaw, in a blog post demonstrating that it is very much still there. A video shows a man-in-the-middle attack, injecting malware into an unencrypted download of Kaspersky Internet Security for Mac. The malware installed alongside the security software.

Gatekeeper is an OS X security feature that, by default, blocks all applications but those downloaded from the Mac App Store, or (optionally) apps from “identified developers.” The idea here is to block malware on Macs: only software developers Apple has approved can get software running on the platform.

But Wardle found a workaround last year. To simplify, an authorized program — such as Kaspersky — is modified to launch a bit of malware when opened. If that malware happens to be in the same folder as the authorized app, it will launch.

Apple seemingly patched the problem in December, but when Wardle reverse-engineered the patch he found it wasn’t comprehensive. Apple had blacklisted the tools Wardle used to bypass Gatekeeper, but hadn’t solved the underlying issue — meaning would-be malware makers needed only to find new tools.

Wardle has been in touch with Apple’s security team, Engadget reports, and says a comprehensive fix is on the way.

And Wardle is working on a fix of his own. “I’ll be releasing a personal tool that can generically thwart such attacks, protecting OS X users,” he wrote in his blog post.

Until one or both of these fixes come online, users can stay safe by sticking only to downloading apps from the Mac App Store or trusted sites that are using HTTPS encryption. That’s probably a good idea even after this problem is patched.
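A defender-side check for the same-folder condition described above, as an added example that is not taken from Wardle's post or from Apple's patch: it lists Mach-O executables that ship beside an .app bundle, but outside it, in an extracted download or mounted disk image. The function names and the sample layout are constructed for illustration, and a hit is a lead for review rather than proof of malware.

```python
import os
import tempfile

# Mach-O magic numbers: thin 32/64-bit in both byte orders, plus fat/universal.
# (0xcafebabe is shared with Java class files, so treat hits as leads.)
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}

def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False

def stray_binaries(root):
    """List Mach-O files that sit beside (or below the folder of) a .app bundle
    without being inside any bundle."""
    root = os.path.abspath(root)
    findings, watched = [], set()
    for dirpath, dirnames, filenames in os.walk(root):
        has_bundle = any(d.endswith(".app") for d in dirnames)
        # Bundle contents are the app's own files; only look outside them.
        dirnames[:] = [d for d in dirnames if not d.endswith(".app")]
        if has_bundle or os.path.dirname(dirpath) in watched:
            watched.add(dirpath)
            for name in filenames:
                path = os.path.join(dirpath, name)
                if is_macho(path):
                    findings.append(os.path.relpath(path, root))
    return sorted(findings)

def demo():
    """Build a constructed download layout in a temp dir and scan it."""
    files = {  # relative path -> first bytes (all constructed sample data)
        "Installer.app/Contents/MacOS/Installer": b"\xcf\xfa\xed\xfe" + b"\0" * 28,
        ".helper": b"\xcf\xfa\xed\xfe" + b"\0" * 28,    # binary beside the app
        ".res/tool": b"\xca\xfe\xba\xbe" + b"\0" * 28,  # binary in a sibling folder
        "README.txt": b"Drag the app to Applications.\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in files.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return stray_binaries(tmp)

if __name__ == "__main__":
    print(demo())
```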

Justin Pot
Former Digital Trends Contributor