Apple's anti-malware Gatekeeper still useless: Security bloke reveals lingering holes


Did patch actually tackle the underlying problem? A: No

John Leyden

Apple has flubbed attempts to patch flaws in OS X's anti-malware feature Gatekeeper, leaving the defences still easy to bypass.

Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, found a way to circumvent Gatekeeper last year. Gatekeeper is supposed to block dodgy apps from running, but it turns out it's simple for bad programs to sidestep.

Apple patched Gatekeeper in November in response to Wardle's findings. However, subsequent work by the researcher ahead of this weekend's ShmooCon convention - an "East Coast hacker convention" - revealed the patch is "incredibly weak." The update was "easy to bypass" in minutes, Wardle told El Reg.

Apple's Gatekeeper is built into OS X, and is designed to block the execution of untrusted code downloaded from the internet. Only executables digitally signed by registered developers - or, with more restrictive settings, software downloaded from the Mac App Store - should be allowed to run. The technology debuted in the middle of summer 2012.

Apple boasts that because of Gatekeeper, trojans and tampered downloads will not bother Mac systems. But this simply isn't true right now, according to Wardle.

"Even on a fully-patched OS X 10.11.2 system, Gatekeeper is trivial to bypass," Wardle explains in a blog post. "So hackers can (re)start their trojan distributions while nation states can get back to MitM'ing HTTP downloads from the internet."

During a presentation at the Virus Bulletin conference in Prague last October, Wardle gave the lowdown on unpatched vulnerabilities in Gatekeeper that created a means for miscreants to distribute unsigned binaries to Mac users, outfoxing Gatekeeper in the process.

Apple released a patch shortly afterwards that simply blacklisted a component used by Wardle to bypass Gatekeeper, rather than tackling the underlying problem.

Wardle has notified Apple about his fresh research and a (hopefully more comprehensive) fix is likely. In the meantime, users should stick to downloading software from the Mac App Store. Apple does not respond to requests for comment from The Register.

Wardle plans to release a personal tool that can thwart anti-Gatekeeper programs, protecting OS X users in the process, to accompany his ShmooCon talk on Sunday.
