Apple's malware-blocking Gatekeeper still plagued with weaknesses

Even though security research previously revealed the Gatekeeper program contained flaws, Apple still hasn't released a patch to fully protect Mac users from malicious software attacks.

Over the summer, security researcher Patrick Wardle notified Apple of vulnerabilities in a critical Mac antimalware program called Gatekeeper. Soon thereafter, the press wrote about the problem and Apple released a patch. Mr. Wardle thought that was the end of the story.

Then, in December, as Mr. Wardle worked up a presentation about the Gatekeeper flaw for a security conference, he noticed something was amiss with Apple's fix.

"Their patch was horrible," said Mr. Wardle, director of research at Synack, a cybersecurity firm. Gatekeeper was still susceptible to attack. 

Technically, the Gatekeeper flaw isn't a bug. The program still does exactly what it's meant to do – authenticate programs that Apple users download from the Internet. But downloaded apps often come with unsigned, third-party libraries and extensions, such as Photoshop plugins or certain browser components, and Gatekeeper was not built to check those for authenticity. Attackers could – and still can – hide malware in those third-party inclusions.
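The gap described above is that Gatekeeper vets the downloaded app but not the libraries and plugins it pulls in at load time. The following is an added example, not code from the article, from Mr. Wardle's patch or from Apple: it walks the load commands of a 64-bit Mach-O image, lists every dynamic library it links, and flags the ones whose install path is not under /usr/lib or /System so a defender can code-sign-verify each of them separately. The sample image and the "system prefix" heuristic are constructed assumptions for illustration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF            # little-endian 64-bit Mach-O magic
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x80000018
LC_REEXPORT_DYLIB = 0x8000001F
DYLIB_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB}
SYSTEM_PREFIXES = ("/usr/lib/", "/System/")   # assumption: Apple-shipped libraries live here

def linked_dylibs(data: bytes) -> list:
    """Return the install paths named by every LC_*_DYLIB load command."""
    if len(data) < 32 or struct.unpack_from("<I", data, 0)[0] != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O image")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)   # mach_header_64 fields
    paths, off, end = [], 32, 32 + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load commands overrun sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize in load command")
        if cmd in DYLIB_CMDS:
            # dylib_command: cmd, cmdsize, then lc_str offset of the name string
            name_off = struct.unpack_from("<I", data, off + 8)[0]
            raw = data[off + name_off: off + cmdsize]
            paths.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
        off += cmdsize
    return paths

def third_party_dylibs(data: bytes) -> list:
    """Libraries Gatekeeper's check of the app itself does not vouch for."""
    return [p for p in linked_dylibs(data) if not p.startswith(SYSTEM_PREFIXES)]

def _dylib_cmd(cmd: int, path: str) -> bytes:
    name = path.encode() + b"\0"
    name += b"\0" * (-len(name) % 8)          # cmdsize must be 8-byte aligned
    return struct.pack("<IIIIII", cmd, 24 + len(name), 24, 0, 0, 0) + name

def build_sample() -> bytes:
    """Constructed minimal Mach-O 64 image: header plus three dylib commands."""
    cmds = (_dylib_cmd(LC_LOAD_DYLIB, "/usr/lib/libSystem.B.dylib")
            + _dylib_cmd(LC_LOAD_DYLIB, "@rpath/libPlugin.dylib")
            + _dylib_cmd(LC_LOAD_WEAK_DYLIB, "/Library/Frameworks/Vendor.framework/Vendor"))
    # magic, cputype (x86_64), cpusubtype, filetype (MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x01000007, 3, 2, 3, len(cmds), 0, 0)
    return header + cmds

if __name__ == "__main__":
    for p in third_party_dylibs(build_sample()):
        print("verify signature separately:", p)
```

On a real bundle, feed it the bytes of the main executable and of each bundled library in turn; a fat (multi-architecture) file must first be split into its slices, which this example does not do.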

When Apple patched Wardle's discovery, the update did not stop authentic programs from unintentionally installing malware through the third-party libraries or extensions. Instead, the patch blacklisted the specific examples of Gatekeeper-dodging malware that Wardle had used to prove his concept.

"I told them from day one the issue was that Gatekeeper was not verifying third-party extensions and here are one or two applications I could abuse, even though I'm sure I could find other examples," he said.

Wardle worries that fixing what amounts to a symptom rather than the actual problem could unleash a host of new Mac attacks.

"If I'm a Mac hacker, and Apple has a history of not fully patching issues, I'm going to wait until they send out a patch and reverse engineer how to get around it," he said.

Wardle will present his latest findings at ShmooCon, a security conference this weekend in Washington, alongside his own working patch, available on his website. He cautions that his patch is an unofficial product meant more as a demonstration than an official solution – users should download at their own risk.

Apple declined to comment for this story. Wardle says Apple told him that a more comprehensive fix was in the works. More immediately, Apple has already blacklisted the examples Wardle mentions in his upcoming talk.

Though Wardle remains a dedicated Mac user, he would very much like to see the issue finally be resolved.

He joked, "I love my Apple products. But I travel internationally, and I’m sure hackers would like to steal the bugs I’m working on. Apple doesn’t pay outside researchers to report bugs, so this is almost entirely about protecting my own work."
