Note: this is a proof of concept at this point. Exploit requires a trusted Apple software developer with an Apple official Certificate to put a maliciously coded files into a DMG file that along with his officially acceptable and certificated software to be installed so the malicious payload also gets installed simultaneously with the intended software. . . a Trojan loading. This is the only way this vulnerability can be exploited. So, DO NOT DOWNLOAD from untrusted suppliers.
To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
A proof of concept method of bypassing Apple's Gatekeeper is going to be revealed today at a security conference with details. Apple was notified about it a couple of months ago so the could work on fixing it. Note: this is a proof of concept at this point. Exploit requires a trusted Apple software developer with an Apple official Certificate to put a maliciously coded files into a DMG file that along with his officially acceptable and certificated software to be installed so the malicious payload also gets installed simultaneously with the intended software. . . a Trojan loading. This is the only way this vulnerability can be exploited. So, DO NOT DOWNLOAD from untrusted suppliers. — PING!
Apple Gatekeeper Vulnerability Proof-of-Concept
Ping!
The Latest Apple/Mac/iOS Pings can be found by searching Keyword “ApplePingList” on Freerepublic’s Search.
If you want on or off the Mac Ping List, Freepmail me.
2 posted on
10/01/2015 12:36:54 AM PDT by
Swordmaker
( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: Swordmaker
I don’t fault Apple for being unable to thwart hackers.
Given the complexity of a modern OS and the brilliance of the many truly gifted hackers attempting to break security there is simply no way to be 100% secure.
This is just the world we live in...
:-(
3 posted on
10/01/2015 12:38:43 AM PDT by
Bobalu
(See my freep page for political images.)
To: Swordmaker
So I shouldn’t click on a “weird trick” malware ad?
4 posted on
10/01/2015 12:40:22 AM PDT by
Squeako
(It's a Cult of Personality and it's gonna be huge...a huge missed opportunity to vote conservative.)
To: Swordmaker
Apple has to approve apps downloaded from the Apple Store. Surely Apple checks them for malware. The certified developer would have to fool Apple’s malware checkers, or the user would have to accept a DMG file from a source other than Apple.
6 posted on
10/01/2015 1:13:33 AM PDT by
AZLiberty
(No tag today.)
To: Swordmaker
So, DO NOT DOWNLOAD from untrusted suppliers. Yep - it requires "helpful authorization" from the user.
Like they say: You can make anything fool-proof, but you can't make it damn-fool-proof....
9 posted on
10/01/2015 3:38:46 AM PDT by
trebb
(Where in the the hell has my country gone?)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson