Beware: Simple Exploit for Apple Gatekeeper Found

No system is invulnerable, Apple Mac computers included, and a new exploit discovered by security researchers proves any claim to the contrary quite false.

According to Patrick Wardle, director of research at security firm Synack, his researchers have found a simple and silly way to completely bypass one of the core security features in Mac OS X. The bug is in Apple Gatekeeper.

Courtesy: Daniel Jude (danieljude.wordpress.com)

Gatekeeper was introduced in July of 2012 as Apple’s anti-malware feature. It is designed to keep untrusted and malicious applications from wreaking havoc on Macs.

But Wardle and his researchers have found a quick and simple way to trick Gatekeeper into letting malicious apps through on Mac OS X machines, even when the protection is set to allow only apps from the Mac App Store.

Before allowing any app to execute on an OS X machine, Gatekeeper performs a number of checks, such as:

  • Checking the initial digital certificate of a downloaded app
  • Ensuring the app has been signed with an Apple-recognized developer certificate
  • Ensuring the app originated from the official App Store

Gatekeeper’s Failure

However, what Gatekeeper fails to do is check whether an app that OS X already trusts runs or loads other files from the same folder.

This means that once Gatekeeper has approved an app, it pays no more attention to what that app does. The approved app can execute one or more malicious files.

This could then install a variety of malicious programs, including:

  • Password loggers
  • Malicious apps that capture audio and video
  • Botnet software
  • and many more…

Wardle and his team have already written a proof-of-concept tool to exploit this bug. Beware!
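
A defender-side triage check for the gap described above, added here as an example and not taken from the original article or from Synack: given the app that is about to be launched, it lists Mach-O files that sit in the same folder but outside that app's bundle, which is the code the initial check described here would not have looked at. The function names and the sample folder layout are constructed for illustration, and the script only locates such files; it does not verify signatures.

```python
import os
import tempfile

# First four bytes of thin Mach-O files (both byte orders, 32/64-bit) and of
# universal binaries. Java class files also start with CA FE BA BE.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}

def is_macho(path):
    """True if the file starts with a Mach-O or universal-binary magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False

def code_beside_app(app_path):
    """List Mach-O files in the app's folder that lie outside its bundle."""
    app_path = os.path.realpath(app_path)
    folder = os.path.dirname(app_path)
    hits = []
    for dirpath, dirnames, filenames in os.walk(folder):
        # Do not descend into the bundle that was checked at launch.
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) != app_path]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if is_macho(full):
                hits.append(os.path.relpath(full, folder))
    return sorted(hits)

def build_sample(root):
    """Constructed layout: the launched bundle plus loose code beside it."""
    stub = b"\xcf\xfa\xed\xfe" + b"\0" * 28  # constructed header bytes, not a real binary
    files = {"Trusted.app/Contents/MacOS/Trusted": stub,
             "Other.app/Contents/MacOS/other": stub,
             "libextra.dylib": b"\xca\xfe\xba\xbe" + b"\0" * 28,
             "README.txt": b"plain text\n"}
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return os.path.join(root, "Trusted.app")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel in code_beside_app(build_sample(tmp)):
            print("outside the checked bundle:", rel)
```

Every path it reports is a candidate for a separate signature check before the neighbouring app is opened.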