Apple’s anti-malware Gatekeeper still useless

January 15, 2016

Apple has flubbed attempts to patch flaws in OS X’s anti-malware system Gatekeeper, leaving the defenses still easy to bypass.

Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, found a way to circumvent Gatekeeper last year. Gatekeeper is supposed to block dodgy apps from running, but it turns out it’s easy for malicious programs to sidestep.

Apple patched Gatekeeper in November in response to Wardle’s findings. However, subsequent work by the researcher ahead of this weekend’s ShmooCon conference – an “East Coast hacker convention” – revealed the patch is “incredibly weak.” The update was “easy to bypass” in minutes, Wardle told El Reg.

Apple’s Gatekeeper is built into OS X, and is designed to block the execution of untrusted code downloaded from the internet. Only executables digitally signed by registered developers – or, with more restrictive settings, packages downloaded from the Mac App Store – should be allowed to run. The technology debuted in July 2012.
