Security researchers have found an unpatched vulnerability that can completely bypass macOS Gatekeeper security feature to run malicious code. You should watch out for this vulnerability when running applications on your Mac. This vulnerability was first informed by Apple on February 22. However, the latest macOS update hasn’t fixed the vulnerability even though it was supposed to.
Filippo Cavallarin details the security vulnerability on his website and explains how it solves the Gatekeeper problem. This feature prompts the user to confirm that they want to install the app from outside the Mac App Store.
The key of the vulnerability infection is how macOS handles network sharing and treats it as a secure way. By exploiting the vulnerability, the hackers can trick the system into opening a zip file archive containing malicious code, bypassing the Gatekeeper function in the process. In theory, potential hackers can run any malicious code they like.
Although the vulnerability still requires someone to open a zip file and trust the files it contains to work, it seems to be an effective way to bypass Gatekeeper protection. In theory, Gatekeeper would kick in and prevent it from running without the express consent of the user if the user were about to download an app outside of the Mac App Store. Gatekeeper considers external drives and network shares as being “safe locations” allowing apps they contain to be run while hackers make uses of it to run malicious codes.
According to Cavallarin, he contacted Apple February 22 for the vulnerability. He said, “It was supposed to be addressed, according to the vendor, on May 15, but Apple started dropping my emails.” As a 90 day disclosure deadline, which he says Apple is aware of, has now passed, Cavallarin has made details of the vulnerability public.
As for Apple’s response to Cavalartin’s report, we don’t know when the vulnerability will be fixed. No matter what operating system you run, it will alert you to all incoming files, especially if they can run the code on your computer. Be cautious against unknown software on the Internet.
Published by Emerson L. Sullivan & last updated on May 27, 2019 2:49 am