Apple's Gatekeeper vulnerability still needs to be fixed
Back in September, security researcher Patrick Wardle of Synack disclosed a nasty issue with Gatekeeper, the OS X feature that blocks malicious apps. While Gatekeeper is good at blocking malware-infected apps that users have downloaded from the bowels of the internet, it had a flaw: a signed app could, upon launch, start an unsigned program if that program resided in the same directory. Because the end user was never aware that this second application was launching, it's a good way to infect a computer. As a responsible researcher he informed Apple, and the company released a security update. That should have been the end of it. Yeah, not so much.
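As an added example (not Engadget's or Wardle's code), here is a defender-side triage script for the scenario just described: it walks a downloaded folder or mounted disk image and flags Mach-O binaries that carry no LC_CODE_SIGNATURE load command, the kind of unsigned sibling a signed app could quietly launch. It assumes thin little-endian Mach-O files (fat/universal binaries are reported as unparsed) and only detects the presence of a signature blob; whether that signature is valid and trusted still has to be checked on a Mac with codesign and spctl.

```python
import os
import struct
import tempfile

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin 32/64-bit Mach-O magic
LC_CODE_SIGNATURE = 0x1D                        # load command for the signature blob
def has_code_signature(data):
    """True/False for a thin little-endian Mach-O; None otherwise (incl. fat binaries)."""
    magic = struct.unpack_from("<I", data, 0)[0] if len(data) >= 28 else 0
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        return None
    offset = 32 if magic == MH_MAGIC_64 else 28      # header size
    ncmds, _sizeofcmds = struct.unpack_from("<II", data, 16)
    for _ in range(ncmds):                           # ncmds bounds the walk
        if offset + 8 > len(data):
            break                                    # truncated command table
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmd == LC_CODE_SIGNATURE:
            return True
        offset += cmdsize
    return False

def find_unsigned_machos(directory):
    """Sorted paths under directory that are Mach-O files with no signature blob."""
    unsigned = []
    for root, _, names in os.walk(directory):
        for name in names:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                head = fh.read(1 << 20)              # load commands sit up front
            if has_code_signature(head) is False:
                unsigned.append(path)
    return sorted(unsigned)

def build_macho(signed):
    """Constructed fixture: 64-bit header + LC_UUID (+ LC_CODE_SIGNATURE if signed)."""
    cmds = struct.pack("<II16s", 0x1B, 24, b"\0" * 16)
    if signed:
        cmds += struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 0x4000, 0x300)
    return struct.pack("<IIIIIIII", MH_MAGIC_64, 0x01000007, 3, 2,
                       2 if signed else 1, len(cmds), 0, 0) + cmds

def demo():
    """Scan a constructed download folder: signed app, unsigned helper, shell script."""
    with tempfile.TemporaryDirectory() as folder:
        for name, blob in {"SignedApp": build_macho(True), "helper": build_macho(False),
                           "install.sh": b"#!/bin/sh\necho hi\n"}.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(blob)
        return [os.path.basename(p) for p in find_unsigned_machos(folder)]
```

Run `find_unsigned_machos("/Volumes/SomeDownload")` against a mounted disk image and treat any hit next to a signed app as a reason to stop and verify before launching.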
After its release, Wardle reverse engineered the security patch to see how Apple was dealing with the Gatekeeper problem. He then noticed that the actual underlying vulnerability wasn't addressed. Instead, the company had blacklisted the binaries Wardle was using to demonstrate the issue. When he talked to Apple about it, they issued a new security update that simply blacklisted the latest apps he was working with.
Basically, instead of treating the disease, Apple went after the symptoms. Wardle is quick to point out that the security team at Apple is a bright group and that he has been in touch with them while doing his research. Wardle says the team has reiterated that they're working on a more comprehensive fix.
However, Wardle is concerned about end users who have put their trust in a security update that doesn't actually fix the problem. He told Engadget, "I can reverse engineer this (the security patch) in 5 minutes, so it's something others can do as well."
The vulnerability is especially concerning because it opens up Macs to altered apps that are the result of man-in-the-middle attacks when something is downloaded via HTTP instead of HTTPS.
While Apple is working on a fix, Wardle suggests only downloading apps from the Mac App Store or from trusted vendors that use HTTPS. Actually, that's something you should be doing already. We have contacted Apple and will update this post if it responds.