Posted on 01/15/2016 7:46:38 PM PST by Utilizer
Back in September, Synack security researcher Patrick Wardle disclosed a nasty issue with Apple's nefarious-app stopping Gatekeeper system in OS X. While the software is great at stopping malware-infected apps that users have downloaded from the bowels of the internet, it did have a flaw: a signed app could, upon launch, initiate an unsigned program if it resided in the same directory. Because the end user is never aware that this second application is launching, it's a great way to infect a computer. As a responsible researcher, Wardle informed Apple and got a security update as a result. That should have been the end of it, right? Yeah, not so much.
After the release, Wardle reverse-engineered the security patch to see how Apple was dealing with the Gatekeeper problem. He then noticed that the actual underlying vulnerability wasn't addressed. Instead, the company had blacklisted the binaries Wardle was using to demonstrate the issue. When he talked to Apple about it, the company issued a new security update that just blacklisted the latest apps he was working with.
(Excerpt) Read more at engadget.com ...
But it’s such a corner case...
That’s what all the groupies will say.
Typical.
Not certain it’s worthy of your ping-list, but FYI just in case...
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me.
It's worth a bit of attention. . . but this has never been seen in the wild because it is so difficult to accomplish, and then the business implications are so dire for a developer to do it which is about the only reasonable way one could think of for any reasonable way for it to work, it couldn't happen that way either.
A terrorist or saboteur would not care about being sued.
Good points, though. I’m pretty confident with security on my Mac and iPhone, but I’m still careful and don’t download sketchy things.
A terrorist or saboteur would not use this means of attack. This is unwieldy and not an attack designed to hit multiple people. The only way it could by any stretch of the imagination is for the attacker to put their doctored package on a pirate torrent site. Still, that is still a retail attack and people who steal software probably deserve what they get.