‘OS X security program Gatekeeper still vulnerable after patch’

Security researcher Patrick Wardle says the OS X security software Gatekeeper is still vulnerable after a recent patch from Apple. According to him, it is still possible to execute malicious code. Apple is said to be working on a comprehensive solution.

Wardle, who previously identified a similar vulnerability in Gatekeeper, told Threatpost that the most recent patch still doesn’t fix the issues. He had originally found that Gatekeeper checks only the first executable for a valid certificate when a new program is installed. That check is easily circumvented by having the first file execute a second, malicious file, which Gatekeeper then does not notice.

According to Wardle, Apple has “fixed” both the first and now the second vulnerability by blacklisting the executable files Wardle sent to the company as evidence. The security researcher goes on to say that it took him “about thirty seconds” each time to get around the patch and that blacklisting is “a very bad idea.” The only difference from the previous patch is said to be that Apple has now implemented it via the anti-malware program XProtect.

For now, OS X users remain vulnerable, especially when they download apps from unsafe sites and when an attacker already has a man-in-the-middle position on the network. Apple told Wardle that the previous patches were all “highly targeted” and that a more comprehensive fix is coming soon. The researcher will speak on the topic at the ShmooCon conference next Sunday.
