Apple's Gatekeeper vulnerability still needs to be fixed

A previous security update only blacklisted nefarious apps.
Roberto Baldwin | @strngwys | January 15, 2016 8:00 AM

Back in September, Synack security researcher Patrick Wardle disclosed a nasty issue with Apple's nefarious-app-stopping Gatekeeper system in OS X. While the software is great at stopping malware-infected apps that users have downloaded from the bowels of the internet, it did have a flaw: a signed app could, upon launch, initiate an unsigned program if it resided in the same directory. Because the end user is never aware that this second application is launching, it's a great way to infect a computer. As a responsible researcher, Wardle informed Apple and got a security update as a result. That should have been the end of it, right? Yeah, not so much.

After the release, Wardle reverse-engineered the security patch to see how Apple was dealing with the Gatekeeper problem. He then noticed that the actual underlying vulnerability wasn't addressed. Instead, the company had blacklisted the binaries Wardle was using to demonstrate the issue. When he talked to Apple about it, the company issued a new security update that just blacklisted the latest apps he was working with.

Basically, instead of treating the disease, Apple went after the symptoms. Wardle is quick to point out that the security team at Apple is a bright group, and that he's been in contact with them while doing his research. The team has reiterated that it's working on a more comprehensive fix.

However, Wardle is concerned about end users who have put their trust in a security update that doesn't actually fix the problem. "I can reverse engineer this [security patch] in five minutes," he told Engadget, "so it's something others can do as well."

The vulnerability is especially concerning, because it opens up Macs to altered apps that are the result of man-in-the-middle attacks when something is downloaded via regular HTTP instead of secure HTTPS.

While Apple is working on a fix, Wardle suggests only downloading apps from the Mac App Store or from trusted vendors that use HTTPS -- something you should be doing already, really. We've contacted Apple and will update this post if we get a response.
