Saturday, 16 January 2016 14:53

Apple’s OS X Gatekeeper is trivial to bypass


Macs don’t get malware – seriously? Even on a fully patched OS X 10.11.2 system, which Apple has supposedly ‘fixed’, the Gatekeeper anti-malware feature fails to block the execution of untrusted code.

That’s according to Patrick Wardle of Synack – a company that bridges the gap between perceived security and actual security by leveraging hacker-powered exploitation intelligence. Let’s call it ‘crowdsourced’ security.

Wardle, a former NSA (National Security Agency) researcher, will present his findings at ShmooCon – ‘An annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.’

Wardle says Gatekeeper is trivial to bypass. So hackers can (re)start their Trojan distributions, while nation states can get back to MitM’ing (Man in the Middle attacks on) unencrypted HTTP downloads from the internet.


Apple patched Gatekeeper in November in response to Wardle’s revelations. Only executables (programs) properly digitally signed by registered developers, or downloaded from the Mac App Store, should be able to run. This hole had existed ever since Gatekeeper was introduced in July 2012.

Apparently Apple’s fix took the ‘easy route’, blocking only the specific tool Wardle used instead of looking more deeply into the underlying issue. Some analysts imply that actually fixing Gatekeeper may kill the patient.

Meanwhile CVE Details has released its "Top 50 Products by Total number of distinct vulnerabilities in 2015". Mac OS X heads the list at 384, followed by iOS at 375. By comparison the new Windows 10 has 53.

But it’s Adobe that should be totally shamed – it has 1504 vulnerabilities across Flash Player, Acrobat and AIR.

The list is interesting when you also look at some of Apple’s other products – Safari (135), iTunes (100), Apple TV (57 and a second listing for 43 – perhaps an earlier version), and WatchOS (53).

Other mentions include Google’s Android (130) and Mozilla Firefox (178, with a second listing at 94).

Update: 17 January

Esteemed iTWire colleague and Mac man Stephen Withers has made some observations on the information in this article. While the article was prepared from official sources, his observations (paraphrased below) are valid and add to the article.

The CVE Details report is a crude tally that doesn't use sensible categories, e.g. it lumps all versions of OS X together but keeps all versions of Windows separate. [Agreed – it’s a case of lies, damned lies and statistics. However, Windows 10 is not subject to most of the past versions’ vulnerabilities.]

Gatekeeper was never about protection against viruses – there have not been any ‘viruses’ in the true sense that affect OS X. [The term ‘virus’ was used in the headline and has since been replaced with ‘malware’.]

There's also the question of whether a vulnerability can be readily exploited, thanks to mitigations provided by the operating system or other reasons. [Agreed – a vulnerability does not automatically mean it can be exploited.]

An example of this is the way Apple blocks old versions of the Flash plug-in from running. It doesn't help if your system is one of the first to be hit, but it's worth noting that old vulnerabilities account for the biggest share of successful attacks. That is, you're a lot less likely to fall foul of the dreaded 'zero-day attack' than of an exploit of a vulnerability that was fixed a year ago but whose patch, for some reason, you never got round to installing.

Thanks Stephen.

Ray Shaw

Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!
