Apple has had two cracks at patching a vulnerability that allows malicious apps to bypass its OS X Gatekeeper security feature, and twice has taken a shortcut approach to the fix, said the researcher who reported the flaw.

The latest measure to address this was released on Thursday and it appears Apple again took steps to mitigate the immediate problem disclosed privately by Synack director of research Patrick Wardle as a stopgap measure until a more comprehensive solution can be engineered.

This saga began last June when Wardle reported a problem in Gatekeeper, a feature added in the Mountain Lion version of OS X that protects Macs from executing malicious or untrusted apps downloaded from the Internet. Gatekeeper ensures that only apps that are signed with an Apple App Developer Certificate or downloaded from the Apple App Store are executed.

Wardle, just prior to Virus Bulletin in September and again in December, privately disclosed the vulnerability (CVE-2015-7024) to Apple. He reported that Gatekeeper checks only the initial executable that a user double-clicks on at app install. Wardle said that if the initial file then executes another file in the same directory that Gatekeeper would not verify the second one.

“So that means I could build an installer package or a zip file and when the user clicks on it, that would actually be the Apple signed binary,” Wardle said. “That one would then, behind the scenes, look for a second binary which would be in the same installer package and would execute that.”

Apple patched the issue in October, but did so only by blacklisting the binaries that Wardle provided with his proof of concept code.