Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The Apple Gatekeeper bypassed once again by a researcher

Once again, the security expert Patrick Wardle has demonstrated how to bypass the Apple Gatekeeper security feature. Once again, a security expert demonstrated how to bypass OS X’s Gatekeeper security feature, and the worst news is that the patch distributed by Apple fixes the problem only temporarily. Apple tried to mitigate the attack method (CVE-2015-7024) with the […]

Apple zero-day

Once again, the security expert Patrick Wardle has demonstrated how to bypass the Apple Gatekeeper security feature.

Once again, a security expert demonstrated how to bypass OS X’s Gatekeeper security feature, and the worst news is that the patch distributed by Apple fixes the problem only temporarily.

Apple tried to mitigate the attack method (CVE-2015-7024) with the release of a new OS version, the OS X El Capitan 10.11.1.

The Apple Gatekeeper is designed to protect OS X users by performing a number of checks before allowing an App to run. In fact, you will not be able to execute code that wasn’t signed by an Apple developer, you will not be able to run apps that weren’t downloaded from Apple’s store if the device is not jailbreaked of course.

Last year Patrick Wardle, director of research at Synack, first demonstrated how to bypass the Apple Gatekeeper with a method called Apple dylib hijacking, and later he presented a second method at Black Hat USA that relies on the fact that Gatekeeper only implements static checks of the app bundles.

Wardle explained that an attacker can use a malware that remain silent during the Apple Gatekeeper checks, then it activates the malicious code.

The GateKeeper bypass is a three-step process composed of the following phases:

  1. The attacker identifies a signed application that loads and executes an external binary at runtime.
  2. The attacker creates a .dmg file in includes the malicious file.
  3. The attacker delivers the malicious .dmg file to users by injecting it into insecure download connections or by spreading it using third-party app stores.

Apple gatekeeper bypass

The OS X El Capitan 10.11.1. doesn’t completely fix the issue because its behavior simply consists in blocking the signed applications abused by Wardle in his demo, but the expert in December has found another binary trusted by Apple that allowed him to bypass Gatekeeper.

The principal problem is that the Apple Gatekeeper will be bypassed again if attackers in the wild will identify another signed app that loads and executes an external library at runtime.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Apple Gatekeeper, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]