Vulnerability in Mac’s Malware Gatekeeper Exposed

October 1, 2015 at 11:05 am

Mac users might want to think carefully about their web browsing, at least until a current exploit in Gatekeeper’s malware protection is fixed. A new report claims that there is a “drop-dead simple exploit” that will give attackers the upper hand.

“Now, a security researcher has found a drop-dead simple technique that completely bypasses Gatekeeper, even when the protection is set to its strictest setting,” according to Ars Technica.

“The hack uses a binary file already trusted by Apple to pass through Gatekeeper. Once the Apple-trusted file is on the other side, it executes one or more malicious files that are included in the same folder. The bundled files can install a variety of nefarious programs, including password loggers, apps that capture audio and video, and botnet software.”

The Gatekeeper feature is meant to protect users from apps downloaded and installed from the internet. While Apple believes that its Mac App Store is the safest place to download apps for Macs, it still added Gatekeeper for extra protection when users download apps from outside the store.

“The Gatekeeper bypass could conceivably be exploited both by opportunistic criminals pushing banking trojans or similar crimeware lookalikes or state-sponsored hackers who inject malicious code into unencrypted downloads,” according to the report.

“Once an Apple-signed binary is discovered, it would require only a handful of extra lines of code to fold the bypass into an existing exploit.”

According to the report, Apple had been alerted about the exploit 60 days ago and a patch should be on the way.
