OS X Security program Gatekeeper still leak after patch




Security Researcher Patrick Wardle says that the OS X security Gatekeeper still leak after a recent patch from Apple. It would still be possible to execute malicious code. Apple would be working on a comprehensive solution.

OS X 10:10 Yosemite Wardle, who has previously adopted a similar leak in Gatekeeper, allows to Threat Post that the problem is still not resolved by the latest patch. Initially, he had established that Gatekeeper checks when installing new programs only the first executable file on a valid certificate. However, this could easily be circumvented by the first file to perform a second malicious file. This would then not be noticed by Gatekeeper.

According Wardle Apple has both the first and now “repaired” the second vulnerability, the executable files, which Wardle as evidence sent to the company, to set up a blacklist. The security researcher says that it cost him every time “thirty seconds” to bypass the patch and put on a black list “a very bad idea” is. The only difference would be the last patch that Apple now this was implemented through the XProtect anti-malware program.

At this time, OS X users would remain vulnerable, especially when they download apps from unsafe sites, and if an attacker already has a man-in-the-middle position on the network. Apple said Wardle to know that the previous patches all “highly targeted” and that soon there comes a more comprehensive solution. The researcher will this Sunday on the topic to speak on the SchmooCon conference.


In: A Technology & Gadgets Asked By: [19058 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »