Friday, 2 October 2015

Researcher Bypasses Gatekeeper Security in Mac OS X

A researcher has managed to circumvent the Gatekeeper security of Mac OS X, making it possible to run unsigned code on systems. Gatekeeper is a security measure that has been present in OS X since 2012 and determines which applications are allowed to run.

To do this, Gatekeeper performs several checks. By default, Gatekeeper is configured to allow only apps from the Mac App Store and from identified developers, meaning developers who hold a valid Apple Developer ID certificate. Users can also set Gatekeeper to allow only apps from the Mac App Store, or to allow all apps.


Researcher Patrick Wardle has now found a way to bypass Gatekeeper. The security measure does not appear to check whether an app loads code from other apps in the same or a related directory: Gatekeeper trusts the app on the basis of its first, static check. An attacker can abuse this by having the user download a signed but infected app, or by substituting the download from a man-in-the-middle position; in the latter case, the download has to take place over HTTP.

In the attack the researcher developed, the user is offered a DMG file. Once the user opens it, a malicious file contained in the same DMG is executed. The problem is present in OS X Yosemite and in the beta version of El Capitan, Wardle told Threat Post.
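The check a defender would want after reading this is an inventory of every piece of native code in a downloaded image, not just the app the user double-clicks, since the article's point is that Gatekeeper's first static check covers only that app. The script below is an added example, not code from the article or from Wardle; it treats a mounted DMG as an ordinary directory, identifies Mach-O files by their header magic, and reports every native binary that sits outside the bundle being launched (a second .app, or a loose library beside it). The sample image it builds in a temporary directory is constructed for the example.

```python
import os
import tempfile
from pathlib import Path

# Mach-O magic numbers: 32/64-bit headers in both byte orders, plus the fat (universal) header.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC / FAT_CIGAM
}


def is_macho(path):
    """True if the file starts with a Mach-O or fat header, the cheap and reliable test for native code."""
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGICS
    except OSError:
        return False


def enclosing_bundle(path, root):
    """Outermost .app bundle under root that contains path, or None for a loose file."""
    rel = Path(path).relative_to(root)
    for i, part in enumerate(rel.parts[:-1]):
        if part.endswith(".app"):
            return Path(root, *rel.parts[: i + 1])
    return None


def inventory(root):
    """Every Mach-O file under root, paired with the bundle that contains it (or None)."""
    root = Path(root)
    found = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath, name)
            if p.is_symlink() or not p.is_file():
                continue
            if is_macho(p):
                found.append((p, enclosing_bundle(p, root)))
    return found


def outside_bundle(root, launched_bundle):
    """Native code in the image that a signature check on launched_bundle does not cover.
    Paths are returned relative to root, sorted for stable output."""
    root = Path(root)
    launched = root / launched_bundle
    return sorted(p.relative_to(root).as_posix()
                  for p, bundle in inventory(root) if bundle != launched)


def build_sample_image(root):
    """Constructed stand-in for a mounted DMG: one app to launch plus extra native code beside it."""
    root = Path(root)
    files = {
        "Signed.app/Contents/MacOS/Signed": b"\xcf\xfa\xed\xfe" + b"\0" * 28,   # 64-bit Mach-O
        "Signed.app/Contents/Resources/icon.png": b"\x89PNG\r\n\x1a\n",         # data, not code
        "Helper.app/Contents/MacOS/Helper": b"\xcf\xfa\xed\xfe" + b"\0" * 28,   # second app
        "libextra.dylib": b"\xca\xfe\xba\xbe" + b"\0" * 28,                     # loose fat binary
        "README.txt": b"double-click Signed.app\n",
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo():
    """Build the sample image in a temp dir and report what lies outside the launched app."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_image(tmp)
        return outside_bundle(tmp, "Signed.app")


if __name__ == "__main__":
    for rel in demo():
        print("native code not covered by the launched app's check:", rel)
```

On a real Mac, each path the script reports can then be assessed on its own with `spctl --assess --type execute <path>` or `codesign --verify --deep --strict <path>`, so that the decision to trust the image rests on every executable it contains rather than on the one the user opened.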

Apple is already working on a short-term solution until a full patch can be deployed. Until that workaround or patch appears, users are advised to download apps only over HTTPS and from trusted sites such as the Mac App Store. Wardle is giving a presentation about the issue at the Virus Bulletin conference today.
