The security researcher who identified a serious flaw in Apple’s Gatekeeper reports that the vulnerability remains despite two security patches applied by the company. Each, he says, only blocks the specific apps he used to demonstrate the method.
Gatekeeper in theory allows users to ensure that their Mac will only run apps downloaded from the Mac App Store – or alternatively, signed by a known developer if you opt for a lower level of protection. But Patrick Wardle last September found a major vulnerability in this protection which would allow any malicious app to be run no matter what Gatekeeper setting was chosen.
Wardle informed Apple, which issued a security patch in response, but Wardle has now reverse-engineered the patch and found that it provides only extremely limited protection …
Engadget reports that Apple simply blocked the specific apps Wardle had used as proof of concept. He was able to work around this by using a new set of apps, and Apple again responded only by blocking those specific apps. The Apple team has, however, assured him that it is working on a more comprehensive fix.
The only way to protect against the vulnerability for now is to ensure that a Mac has only ever downloaded apps from the Mac App Store or from trusted developers that provide downloads over an https link.
