
Apple Mac OS X patch still flawed

Apple’s anti-malware Gatekeeper software has been an instrumental feature in Mac OS X since it was introduced in 2012; however, a former NSA staffer has cracked it twice.


Last year, Patrick Wardle, now head of research at security intelligence firm Synack, discovered a way to bypass Gatekeeper and notified Apple of his findings. Shortly after, Apple released a patch by blacklisting a tool used by Wardle, rather than tackling the root of the problem.

Despite Apple's efforts, Wardle managed to bypass Gatekeeper once again, calling the patch ‘incredibly weak’ and ‘easy to bypass’ in minutes.

Gatekeeper is designed to block untrusted code downloaded from the Internet before it is launched on a Mac. However, Wardle was able to carry out a malicious download that contained a legitimate Apple-signed app together with a hidden, unsigned malicious file. When the download was launched on a Mac, Gatekeeper was unable to prevent the malware from running.

Apple previously praised the anti-malware software, saying Trojans and tampered downloads would not bother Mac systems, but Wardle disagrees.

"Gatekeeper has one job: to block unauthenticated code coming from the Internet," said Wardle. "We've completely bypassed this. To me, Gatekeeper is no obstacle at all."

"Even on a fully-patched OS X 10.11.2 system, Gatekeeper is trivial to bypass," Wardle explains in a blog post. "So hackers can (re)start their Trojan distributions while nation states can get back to MitM'ing HTTP downloads from the Internet."

Wardle plans to showcase a full teardown of the vulnerability at ShmooCon, the East Coast hacker convention.
