A Security Researcher Was Able To Get Through Apple's Security Update In 5 Minutes

Macs have long had a reputation for being safer than Windows computers, and there were even (false) rumors that they couldn't get viruses.

In reality, hackers have been targeting Macs for a while, but far fewer hackers target them than Windows computers. Since 2012, Apple has been protecting users with software called Gatekeeper; however, it seems as though Gatekeeper isn't as strong as it should be.

A security researcher by the name of Patrick Wardle, who works for a security firm called Synack, has been looking for ways to hack Gatekeeper for a number of months. After Apple updated it, he was able to find holes in a matter of minutes.

Currently, Gatekeeper is designed to check any apps downloaded from the Internet to make sure they're either digitally signed by Apple or recognized as safe by the company. If they are, the apps are allowed to run on the machine.

Wardle was able to piggyback on a legitimate app, tricking a computer into thinking there was nothing malicious. Hackers with control over a network such as a public Wi-Fi hotspot can use this technique to insert malicious code into an app that is downloaded over an unencrypted connection.

Basically, Gatekeeper only checks the app once it's downloaded, not the actual code of the app. Apple has reportedly released a patch for this; however, Wardle says he has been able to easily get around the fix.

"[The] patch they released was incredibly weak," said Wardle in an interview with Motherboard. "It literally took me five minutes to completely bypass."

In fact, according to Wardle, all Apple did was blacklist the apps he was using; it didn't actually fix the issue of not scanning code.

While Apple should release a patch to fix the issue, in the meantime, Wardle says users should only download apps from the Mac App Store. When users do have to download an app from somewhere else, they should only do so over an encrypted connection. Wardle has also released a tool of his own, called Ostiarius, which scans the code of an app as well as the process the app invokes. The tool can then block any process that isn't signed.

Via: Motherboard

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.