“Now, a security researcher has found a drop-dead simple technique that completely bypasses Gatekeeper, even when the protection is set to its strictest setting,” Goodin reports. “The hack uses a binary file already trusted by Apple to pass through Gatekeeper. Once the Apple-trusted file is on the other side, it executes one or more malicious files that are included in the same folder. The bundled files can install a variety of nefarious programs, including password loggers, apps that capture audio and video, and botnet software.”
“Patrick Wardle, director of research of security firm Synack, said the bypass stems from a key shortcoming in the design of Gatekeeper rather than a defect in the way it operates,” Goodin reports. “Gatekeeper’s sole function is to check the digital certificate of a downloaded app before it’s installed to see if it’s signed by an Apple-recognized developer or originated from the official Apple App Store. It was never set up to prevent apps already trusted by OS X from running in unintended or malicious ways, as the proof-of-concept exploit he developed does.”
“The researcher said he privately alerted Apple officials to his discovery more than 60 days ago and believes they are working on a way to fix the underlying cause or at least lessen the damage it can do to end users,” Goodin reports. “An Apple spokesman confirmed that company developers are working on a patch.”
More details in the full article here.
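The reporting above gives the shape of the problem: Gatekeeper assesses the item the user launches, and anything else sitting in the same folder is never looked at, so a trusted app can run those siblings once it is past the check. The script below is an added example for this page, not Apple's code, not Wardle's proof of concept, and not code from the Ars Technica article. It assumes a folder (an unpacked download or a mounted disk image) that holds one `.app` bundle plus loose files, identifies Mach-O executables by their magic bytes, and reports the ones that live outside any bundle, which is exactly the class of file Gatekeeper would not have assessed. The helper names (`audit_folder`, `assess_with_spctl`) are this example's own. The page does not say how the proof-of-concept app invokes its siblings, and this code makes no claim about that; it only finds the siblings.

```python
"""
Audit a download folder or mounted disk image for executables that sit
beside a signed app.  Gatekeeper checks only the item the user launches,
so any Mach-O files sharing the folder with the trusted app are what that
app could execute after the check has been passed.

Added example for this article (not Apple's, Synack's or Ars Technica's
code).  The layout it scans, one .app bundle plus loose files, is an
assumption, as are the helper names used here.
"""
import os
import shutil
import subprocess
from typing import Dict, List

# Mach-O and fat/universal magic numbers as they appear on disk.  0xcafebabe
# is shared with Java class files, so a hit is a candidate for review rather
# than proof of a native executable.
MACHO_MAGIC = {
    b"\xfe\xed\xfa\xce",  # MH_MAGIC, 32-bit, big-endian
    b"\xce\xfa\xed\xfe",  # MH_CIGAM, 32-bit, little-endian
    b"\xfe\xed\xfa\xcf",  # MH_MAGIC_64, big-endian
    b"\xcf\xfa\xed\xfe",  # MH_CIGAM_64, little-endian (typical modern Mac binary)
    b"\xca\xfe\xba\xbe",  # FAT_MAGIC (universal binary)
    b"\xbe\xba\xfe\xca",  # FAT_CIGAM
}


def is_macho(path: str) -> bool:
    """Return True when the file's first four bytes are a Mach-O or fat magic."""
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGIC
    except OSError:
        return False


def find_executables(folder: str) -> List[str]:
    """Recursively list Mach-O files under folder, as paths relative to it."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            full = os.path.join(root, name)
            if os.path.isfile(full) and not os.path.islink(full) and is_macho(full):
                hits.append(os.path.relpath(full, folder))
    return sorted(hits)


def audit_folder(folder: str) -> Dict[str, List[str]]:
    """
    Split the Mach-O files in folder into those inside a top-level .app bundle
    (the item Gatekeeper assesses when the user opens it) and those outside any
    bundle (siblings the app could execute once it is already running).
    """
    bundles = [d for d in os.listdir(folder)
               if d.endswith(".app") and os.path.isdir(os.path.join(folder, d))]
    inside, outside = [], []
    for rel in find_executables(folder):
        top = rel.split(os.sep, 1)[0]
        (inside if top in bundles else outside).append(rel)
    return {"bundles": sorted(bundles), "inside_bundle": inside, "outside_bundle": outside}


def assess_with_spctl(path: str) -> str:
    """
    On OS X, ask the system policy (Gatekeeper) about one file.  Returns the
    spctl verdict text, or a note when spctl is absent (e.g. on Linux).  Uses
    only the documented `spctl --assess --type execute` invocation.
    """
    if shutil.which("spctl") is None:
        return "spctl not available on this system"
    result = subprocess.run(
        ["spctl", "--assess", "--type", "execute", "--verbose=4", path],
        capture_output=True, text=True)
    return (result.stdout + result.stderr).strip() or f"exit status {result.returncode}"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    report = audit_folder(target)
    print("bundles:", report["bundles"])
    for rel in report["inside_bundle"]:
        print("inside bundle :", rel)
    for rel in report["outside_bundle"]:
        # These files are never assessed on launch but are reachable by the
        # trusted app once it is past Gatekeeper; assess each one explicitly.
        print("OUTSIDE bundle:", rel, "->", assess_with_spctl(os.path.join(target, rel)))
```

Run it against the folder a downloaded archive unpacked into, or the mount point of a disk image, before opening the app. A clean result is a report whose `outside_bundle` list is empty; anything listed there deserves a manual look, because Gatekeeper's own verdict on the app says nothing about it.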
MacDailyNews Take: Good to see this was presented to Apple and the fix is being worked on. This is the way all security researchers should work. Gatekeeper and OS X will be even stronger thanks to Patrick Wardle and Synack.
Changes coming soon to Apple’s Gatekeeper – August 6, 2014
Security experts: Apple did OS X Mountain Lion’s Gatekeeper right – February 16, 2012
OS X Mountain Lion’s Gatekeeper slams the door on Mac trojans – February 16, 2012