Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
A proof of concept method of bypassing Apple's Gatekeeper is going to be revealed today at a security conference with details. Apple was notified about it a couple of months ago so they could work on fixing it. Note: this is a proof of concept at this point. The exploit requires a trusted Apple software developer with an Apple official Certificate to put maliciously coded files into a DMG file along with his officially acceptable and certificated software to be installed, so the malicious payload also gets installed simultaneously with the intended software . . . a Trojan loading. This is the only way this vulnerability can be exploited. So, DO NOT DOWNLOAD from untrusted suppliers. — PING!


Apple Gatekeeper Vulnerability Proof-of-Concept
Ping!

The Latest Apple/Mac/iOS Pings can be found by searching Keyword “ApplePingList” on Freerepublic’s Search.

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 10/01/2015 12:36:54 AM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)


To: Swordmaker
> This is the only way this vulnerability can be exploited. So, DO NOT DOWNLOAD from untrusted suppliers.

So the standard is that a security feature is "rendered useless" because of one proof-of-concept exploit. As though anything less than 100% effective is 0% effective. Keeping out all the malwares but one has no value? Really? A defense has to be absolutely perfect or else it's worthless?

Nobody has ever judged Windows anti-malware features like that. They range from 70% to 95% effective -- none are 100%.

That's not to excuse the weakness in the defense. Just sayin'...

Tech writers WHORES are so f**kin' corrupt. ANYTHING for a page hit. ANYTHING.

8 posted on 10/01/2015 3:21:41 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: Swordmaker

More than that, Swordmaker, the legit application has to invoke the non-legit application, and not use the system’s application launcher to do so (using something like fork() or exec() instead). Remember that Gatekeeper fires when the application is executed, not when it’s installed.

Of course, there’s no need for the developer to do that, because they could easily embed malicious code in the original signed application. All application signing and Gatekeeper do is identify who distributed the application; they make no guarantee as to the application’s safety. So whether it’s in the main application or a helper application distributed alongside, the developer is still going to be identified and blacklisted if they distribute malware.

The only real attack vector here is to find non-App Store software that is developer signed and uses additional helper applications launched with the likes of fork() and exec(). The attacker can modify/replace the helper application(s) and redistribute the bundle as if it’s the original distribution. A legitimate threat but very limited; downloading from reputable sites/mirrors and validating checksums will avoid any issues.


10 posted on 10/01/2015 6:23:35 AM PDT by kevkrom (I'm not an unreasonable man... well, actually, I am. But hear me out anyway.)
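
Added example, not part of any post in this thread and not Apple tooling: a Python audit of a mounted disk image that lists Mach-O executables sitting outside any `.app` bundle, with a SHA-256 for each to compare against values the publisher provides. It assumes helpers are shipped next to the bundle rather than inside it; the volume layout, file names and `build_sample_volume` are constructed for illustration.

```python
import hashlib
import os
import struct
import tempfile

# Mach-O magic numbers: thin 32/64-bit in both byte orders, plus fat/universal.
# 0xCAFEBABE is shared with Java class files, so treat hits as "review this".
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE, 0xBEBAFECA}

def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return len(head) == 4 and struct.unpack(">I", head)[0] in MACHO_MAGICS

def loose_executables(volume_root):
    """Return {relative path: sha256} for Mach-O files outside any .app bundle."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(volume_root):
        # Assumption: bundle contents are covered by the developer's signature,
        # so .app directories are skipped and only loose files are reported.
        dirnames[:] = [d for d in dirnames if not d.endswith(".app")]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not is_macho(path):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            found[os.path.relpath(path, volume_root)] = digest
    return found

def build_sample_volume():
    """Constructed stand-in for a mounted disk image (not a real product)."""
    root = tempfile.mkdtemp()
    macos = os.path.join(root, "Example.app", "Contents", "MacOS")
    os.makedirs(macos)
    with open(os.path.join(macos, "Example"), "wb") as fh:
        fh.write(struct.pack(">I", 0xCFFAEDFE) + b"signed main binary")
    os.makedirs(os.path.join(root, "Helpers"))
    with open(os.path.join(root, "Helpers", "updater"), "wb") as fh:
        fh.write(struct.pack(">I", 0xCFFAEDFE) + b"loose helper")
    with open(os.path.join(root, "README.txt"), "w") as fh:
        fh.write("plain text, ignored")
    return root

if __name__ == "__main__":
    for rel, digest in sorted(loose_executables(build_sample_volume()).items()):
        print(digest, rel)
```

Any path it reports is an executable the app could launch directly; a digest that differs from the publisher's value means the file was changed after release.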

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson