Free Republic

Apple's Gatekeeper Bypassed Again
Engadget ^ | January 15, 2016 | Roberto Baldwin

Posted on 01/15/2016 7:46:38 PM PST by Utilizer

Back in September, Synack security researcher Patrick Wardle disclosed a nasty issue with Apple's nefarious-app-stopping Gatekeeper system in OS X. While the software is great at stopping malware-infected apps that users have downloaded from the bowels of the internet, it did have a flaw: a signed app could, upon launch, initiate an unsigned program if it resided in the same directory. Because the end user is never aware that this second application is launching, it's a great way to infect a computer. As a responsible researcher, Wardle informed Apple and got a security update as a result. That should have been the end of it, right? Yeah, not so much.

After the release, Wardle reverse-engineered the security patch to see how Apple was dealing with the Gatekeeper problem. He then noticed that the actual underlying vulnerability wasn't addressed. Instead, the company had blacklisted the binaries Wardle was using to demonstrate the issue. When he talked to Apple about it, the company issued a new security update that just blacklisted the latest apps he was working with.

(Excerpt) Read more at engadget.com ...


TOPICS: Computers/Internet
KEYWORDS: apple; gatekeeper; mac; security
Still broken...
1 posted on 01/15/2016 7:46:39 PM PST by Utilizer

To: Utilizer

But it’s such a corner case...

That’s what all the groupies will say.


2 posted on 01/15/2016 7:56:23 PM PST by Up Yours Marxists

To: Utilizer

Typical.


3 posted on 01/15/2016 7:56:36 PM PST by CriticalJ (Suppose you were an idiot. And suppose you were a member of Congress.. But then I repeat myself. MT)

To: Swordmaker

Not certain it’s worthy of your ping-list, but FYI just in case...


4 posted on 01/15/2016 7:58:50 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: Utilizer; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ...
The Apple GateKeeper vulnerability where a trusted developer, one with a Mac Developer Certification, could insert a malicious version of an Apple Library file into one of its Mac Application distributions to somehow also distribute malware that could then steal users' secret stuff, is still around despite Apple blacklisting some of the means that its discoverer showed how it could be done. Ignore that any such developer could be sued out of existence by both its customers and Apple for doing any such thing, the sky-is-falling crowd claim that it's possible a man-in-the-middle attacker could intercept someone downloading an honest developer's disk image, insert the malicious fake Apple library file, and then send it on its way . . . and that is enough of a worry for Apple to be flopping around in abject panic about this very obscure possibility. Uh, no, it isn't. The likelihood of this happening is so obscure as to be almost impossible. -- PING!


Obscure Apple vulnerability
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

5 posted on 01/15/2016 9:41:52 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

To: Utilizer
Not certain it’s worthy of your ping-list, but FYI just in case...

It's worth a bit of attention. . . but this has never been seen in the wild because it is so difficult to accomplish, and then the business implications are so dire for a developer to do it which is about the only reasonable way one could think of for any reasonable way for it to work, it couldn't happen that way either.

6 posted on 01/15/2016 9:45:34 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

To: Swordmaker

A terrorist or saboteur would not care about being sued.

Good points, though. I’m pretty confident with security on my Mac and iPhone, but I’m still careful and don’t download sketchy things.


7 posted on 01/16/2016 10:31:09 AM PST by generally

To: generally
A terrorist or saboteur would not care about being sued.

A terrorist or saboteur would not use this means of attack. This is unwieldy and not an attack designed to hit multiple people. The only way it could by any stretch of the imagination is for the attacker to put their doctored package on a pirate torrent site. Still, that is still a retail attack and people who steal software probably deserve what they get.

8 posted on 01/16/2016 11:14:17 AM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)
