Malware developers could bypass Mac’s Gatekeeper without really trying!



New research exploits holes in Apple’s non-working approach to fixing Gatekeeper.

In response to the security issue discovered in September 2015, Apple shipped a fix, but the security researcher who discovered the original vulnerability claims to have found an obvious work-around.

Read the full article off-site here

“It literally took me five minutes to fully bypass it,” Wardle, who is director of research of security firm Synack, told Ars, referring to the updated Gatekeeper. “So yes, it means that the immediate issue is mitigated and cannot be abused anymore. However the core issue is not fixed so if anybody finds another app that can be abused we are back to square one (full gatekeeper bypass).”

The attack uses a file already trusted by Apple to pass through Gatekeeper. Once on the computer, the trusted file executes one or more malicious files included in the same folder, which in turn can install a variety of malicious programs that Apple does not trust. These can be anything, including password loggers, apps that capture audio and video, botnet software and so on.
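A defender's triage check for the layout described above, as an added example that is not from the original article: it walks a downloaded folder or mounted disk image and lists executables lying beside an `.app` bundle, outside the bundle itself. The function names, the constructed sample layout, and the use of the `.app` suffix and Mach-O magic numbers as heuristics are assumptions of this example.

```python
import os
import stat
import struct

# Mach-O magics (thin 32/64-bit, both byte orders) and fat/universal headers.
# 0xCAFEBABE is shared with Java class files, so treat hits as triage leads.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE,
                0xCAFEBABE, 0xBEBAFECA}

def is_executable_content(path):
    """True for a Mach-O image (by magic) or an executable shebang script."""
    try:
        with open(path, "rb") as f:
            head = f.read(4)
        mode = os.stat(path).st_mode
    except OSError:
        return False
    if len(head) == 4 and struct.unpack(">I", head)[0] in MACHO_MAGICS:
        return True
    return head[:2] == b"#!" and bool(mode & stat.S_IXUSR)

def loose_executables(root):
    """Map each folder holding an .app bundle to executables lying beside it."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        has_bundle = any(d.endswith(".app") for d in dirnames)
        # Assumption: bundle contents are covered by the bundle's own
        # signature, so only files outside the bundle are of interest here.
        dirnames[:] = [d for d in dirnames if not d.endswith(".app")]
        if has_bundle:
            loose = sorted(n for n in filenames
                           if is_executable_content(os.path.join(dirpath, n)))
            if loose:
                findings[os.path.relpath(dirpath, root)] = loose
    return findings

def build_sample(root):
    """Constructed layout: one bundle, two loose executables, one text file."""
    macho = struct.pack("<I", 0xFEEDFACF) + b"\0" * 28  # header stub only
    os.makedirs(os.path.join(root, "Installer.app", "Contents", "MacOS"))
    files = {"Installer.app/Contents/MacOS/Installer": macho,
             "helper.bin": macho, ".payload": b"#!/bin/sh\n",
             "README.txt": b"read me\n"}
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    os.chmod(os.path.join(root, ".payload"), 0o755)
```

Run `build_sample()` on an empty temporary directory and pass the same path to `loose_executables()` to see the two loose files reported; a hit is a reason to inspect the download, not proof of malice.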

That’s what you get when you patch only a pinpointed vulnerability without looking into the cause of it!


Why am I not surprised Apple is not as secure as they like to say it is :Z.