Security Researcher Finds Easy Way Around OS X's Gatekeeper Security Feature

    Intended to keep OS X users safe from malware, Gatekeeper is the part of Apple's desktop operating system that prevents unsigned applications from running without the user's consent. Gatekeeper restricts applications based on their origin: it can be set to allow only applications from the Mac App Store, from the Mac App Store and identified developers, or from anywhere, including the Internet.

    But according to a security researcher by the name of Patrick Wardle, it is very easy for a developer with poor intentions to bypass Gatekeeper and gain the access they want on the machine in question. According to Wardle, all an application developer has to do to get around Gatekeeper in OS X is bundle a trusted, signed binary into the malicious application so that Gatekeeper concludes the application comes from a trusted developer.

    "If the application is valid—so it was signed by a developer ID or was (downloaded) from the Mac App Store—Gatekeeper basically says 'OK, I'm going to let this run,' and then Gatekeeper essentially exits," Wardle told Ars Technica in a personal interview. "It doesn't monitor what that application is doing. If that application turns around and either loads or executes other content from the same directory... Gatekeeper does not examine those files."
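The weakness Wardle describes is that Gatekeeper assesses the signed binary it is asked to open and then stops looking, so other executables in the same directory are never examined. A defender who wants more than that single check can enumerate every Mach-O file inside a downloaded bundle and verify each one separately. The script below is an added example written for this article; it is not code from Wardle, Apple or Ars Technica. It assumes an unpacked application directory (or mounted disk image) as input and, on macOS, the `codesign` tool; on other hosts it only lists the embedded executables. The sample bundle it builds in `demo()` is constructed from fake headers.

```python
"""Enumerate every Mach-O executable inside an application directory so each
one can be verified, rather than relying on the single top-level check
Gatekeeper performs. Added example; not code from the original article."""
import os
import shutil
import struct
import subprocess
import tempfile
from typing import Dict, List, Optional

# On-disk Mach-O magic values: thin 32/64-bit in either byte order plus the
# fat (universal) header, which is always stored big-endian.
THIN_MAGICS = {
    b"\xfe\xed\xfa\xce",  # MH_MAGIC (32-bit)
    b"\xce\xfa\xed\xfe",  # MH_CIGAM (32-bit, byte-swapped)
    b"\xfe\xed\xfa\xcf",  # MH_MAGIC_64
    b"\xcf\xfa\xed\xfe",  # MH_CIGAM_64 (what x86-64/arm64 binaries show on disk)
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"


def is_macho(path: str) -> bool:
    """Return True if the file starts with a Mach-O thin or fat header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return False
    if len(head) < 8:
        return False
    if head[:4] in THIN_MAGICS:
        return True
    if head[:4] == FAT_MAGIC:
        # Java class files share the 0xCAFEBABE magic. A real fat header
        # carries a small architecture count, while a class file stores a
        # version number of 45 or more in the same bytes (heuristic).
        nfat_arch = struct.unpack(">I", head[4:8])[0]
        return nfat_arch < 0x30
    return False


def find_machos(root: str) -> List[str]:
    """Walk root and return the sorted paths of every Mach-O file found."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            if is_macho(path):
                found.append(path)
    return sorted(found)


def verify_signature(path: str) -> Optional[bool]:
    """Run `codesign --verify --strict` on one file.

    Returns True when the signature verifies, False when it does not, and
    None when codesign is not available (any non-macOS host)."""
    if shutil.which("codesign") is None:
        return None
    result = subprocess.run(["codesign", "--verify", "--strict", path],
                            capture_output=True)
    return result.returncode == 0


def audit_bundle(root: str) -> Dict[str, Optional[bool]]:
    """Map every Mach-O under root to its signature status."""
    return {path: verify_signature(path) for path in find_machos(root)}


def demo() -> Dict[str, Optional[bool]]:
    """Build a constructed sample .app in a temp dir and audit it.

    The file contents are fake headers, not real executables."""
    root = tempfile.mkdtemp(prefix="gatekeeper-demo-")
    macos_dir = os.path.join(root, "Sample.app", "Contents", "MacOS")
    res_dir = os.path.join(root, "Sample.app", "Contents", "Resources")
    os.makedirs(macos_dir)
    os.makedirs(res_dir)
    samples = {
        # the binary Gatekeeper would assess
        os.path.join(macos_dir, "Sample"): b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
        # a second executable sitting beside it that Gatekeeper never looks at
        os.path.join(res_dir, "helper"): FAT_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 24,
        # Java class lookalike: same magic, must not be reported
        os.path.join(res_dir, "Foo.class"): FAT_MAGIC + b"\x00\x00\x00\x34" + b"\x00" * 24,
        os.path.join(res_dir, "readme.txt"): b"not executable\n",
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)
    return audit_bundle(root)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status!s:5}  {path}")
```

On a Mac, pointing `audit_bundle` at a freshly downloaded application lists every embedded executable with its own verification result, which is exactly the per-file check the article says Gatekeeper does not perform; a `False` entry next to a `True` top-level binary is the pattern worth investigating.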

    Wardle believes that malicious applications on the Internet have been taking advantage of this weakness for quite a while, and that publicizing his findings is the right thing to do so that users can be careful about what they download. He also notes that he contacted Apple about the issue over 60 days ago; while the company has still not shipped a fix, Apple has assured him that it is working on a patch to make Gatekeeper more effective.

    Source: Ars Technica
