Mac Bugs: Simple Mac Exploit Lets Malicious Apps Bypass Gatekeeper Security With Ease
Apple debuted Gatekeeper in 2012 to protect Mac users against malicious software threats. The OS X security feature adds several layers of checks during the installation of Mac apps. Gatekeeper minimizes the possibility of malware by ensuring that only legitimate and registered apps get installed on a Mac.
Now, a security researcher has discovered a simple exploit that lets malicious apps sneak past Gatekeeper's defenses, even when the protection tool is set to its strictest setting.
According to Ars Technica, hackers can exploit a vulnerability in Gatekeeper by using a binary file already trusted by Apple. Once the "trusted" file breezes through the security feature, it can then execute a handful of malicious files attached in the same folder.
Malware programs that can be harbored by the binary file include password-stealing apps, third-party audio and video recorders as well as a collection of botnet software.
"If the application is valid—so it was signed by a developer ID or was (downloaded) from the Mac App Store—Gatekeeper basically says 'OK, I'm going to let this run,' and then Gatekeeper essentially exits," said Patrick Wardle, director of research of security firm Synack.
Wardle added that Gatekeeper merely checks the digital certificate of the downloaded app. It doesn't monitor what that app does afterwards. If the Apple-trusted app then loads or runs other content from within its directory, Gatekeeper has no way of examining that content, since Apple hasn't designed it to do so.
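A defender can cover part of that gap by inspecting what ships alongside a trusted app before it is run. The Python sketch below is an added example, not code from Wardle, Synack or Apple: it walks a folder and lists Mach-O files that carry no `LC_CODE_SIGNATURE` load command. The function names are hypothetical, it only parses thin little-endian Mach-O files, and the presence of the load command does not prove the signature is valid.

```python
import os
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_CODE_SIGNATURE = 0x1D  # load command that points at the embedded signature

def has_code_signature(data):
    """None if not a thin little-endian Mach-O; otherwise True/False for
    whether an LC_CODE_SIGNATURE load command is present."""
    if len(data) < 28:
        return None
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        return None
    (ncmds,) = struct.unpack_from("<I", data, 16)
    offset = 32 if magic == MH_MAGIC_64 else 28  # header size differs
    for _ in range(ncmds):
        if offset + 8 > len(data):
            break  # truncated load-command table
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmd == LC_CODE_SIGNATURE:
            return True
        if cmdsize < 8:
            break  # malformed size, stop walking the table
        offset += cmdsize
    return False

def unsigned_machos(folder):
    """Relative paths of Mach-O files under folder with no signature command."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # load commands sit near the start
            except OSError:
                continue  # unreadable file or dangling symlink
            if has_code_signature(data) is False:
                hits.append(os.path.relpath(path, folder))
    return sorted(hits)

def build_macho(signed):
    """Constructed sample: 64-bit header followed by one 16-byte load command."""
    cmd = LC_CODE_SIGNATURE if signed else 0x19  # 0x19 = LC_SEGMENT_64
    header = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 1, 16, 0, 0)
    return header + struct.pack("<4I", cmd, 16, 0, 0)
```

Anything this reports inside a freshly downloaded folder or mounted disk image is code that would run without a signature of its own and deserves a closer look before the app is opened.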
The Synack researcher reported the issue to Apple approximately two months ago. He indicated that the Cupertino-based tech giant is already developing an OS X update that will fix the Gatekeeper exploit.
Since then, a spokesperson from Apple has confirmed that the company is busy working on a patch for the issue. The representative also asked that the identities of the binary files used in the exploit not be divulged.
As for Wardle, he is expected to present his research paper on the Gatekeeper exploit at the Virus Bulletin Conference in Prague on Oct. 1, per the conference's official website.
"If I can find it, you have to assume groups of hackers or more sophisticated nation states have found similar weaknesses," said Wardle. "I'm sure there are other Apple-signed apps out there (that can be used to bypass Gatekeeper)."
The Gatekeeper exploit isn't the only Mac bug Apple is keeping tabs on these days.
The company is also developing a fix for the Keychain vulnerability on Safari that lets hackers steal or delete sensitive user data such as usernames, passwords and credit card numbers, Apple Insider reported.