Apple introduced the built-in anti-malware Gatekeeper feature for its OS X in 2012, and the feature has been instrumental in safeguarding the Macs.

However, a researcher reveals that the Gatekeeper for Mac OS X has a bypass and that the exploit is really easy to carry out.

On Thursday, Oct. 1, at the Virus Bulletin Conference in Prague, security firm Synack's director Patrick Wardle will demonstrate the bypass for Gatekeeper, which he has been working on for some time.

The researcher has already shared his findings with Apple and the company is supposedly working on a short-term solution until it pushes out a patch to users to counter the loophole.

The flaw is a security concern for Apple as its Gatekeeper for Mac OS X will be vulnerable to malware and rogue apps if the issue is not addressed timely.

According to Wardle, a simple method can let one bypass the Gatekeeper easily despite the protection being on to the most stringent setting.

Gatekeeper works in such a manner that it carries out several checks on any application before the app can be executed on any Apple device. However, asks Wardle, what happens when Gatekeeper does not verify if an app is running or loading other applications or even dynamic libraries from an alternate directory? The signed application will be able to access components or software which are replaced by malware sans a verification.

How you ask? Because as Wardle divulges "Gatekeeper only verifies that first application."

So technically, malware can potentially swap a script, an app with a version of the same name, and even a dynamic software library. As such, an attacker can easily dupe a user into downloading an infected app that is signed via a third-party source.

During his research, Wardle discovered that a Photoshop installer that was signed into was able to load plug-ins that belonged to a completely different directory. This directory had been altered for malware.

Wardle also tested his hypothesis by deploying a program distributed by Apple. However, he did not disclose the name.

The method as Wardle surmises is "not super complicated, but it effectively completely bypasses Gatekeeper."

What is worrisome is that since the flaw affects signed apps from third parties as well, the malware can potentially be monitored over downloads that are not encrypted by any individual who gets access to the network connection.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion