Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Saturday April 25 2015, @11:33AM   Printer-friendly
from the a-hack-a-day-keeps-the-apple-away dept.

New security features such as Gatekeeper and XProtect are simple to bypass and gaining persistence on a Mac isn't much of a challenge:

Gatekeeper is one of the key technologies that Apple uses to prevent malware from running on OS X machines. It gives users the ability to restrict which applications can run on their machines by choosiing to only allow apps from the Mac App Store. With that setting in play, only signed, legitimate apps should be able to run on the machine. But Patrick Wardle, director of research at Synack, said that getting around that restriction is trivial.

"Gatekeeper doesn't verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper," Wardle said in a talk at the RSA Conference [in San Francisco] Thursday. "It only verifies the app bundle."

Backing up Gatekeeper is XProtect, Apple's anti-malware system for OS X. Malware isn't a massive problem for OSX, but there definitely are some well-known families out there, with more being created all the time, Wardle said. Getting past XProtect turns out to be just as simple as bypassing Gatekeeper. Wardle found that by simply recompiling a known piece of OS X malware, which changes the hash, he could get the malware past XProtect and execute it on the machine. Even simpler, he could just change the name of the malware, which also lets it sneak in under the fence.

More coverage, including pretty graphics, on ZDNet.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: -1, Troll) by Anonymous Coward on Saturday April 25 2015, @01:23PM

    by Anonymous Coward on Saturday April 25 2015, @01:23PM (#175045)

    you suck. that is all

    Starting Score:    0  points
    Moderation   -1  
       Troll=1, Total=1
    Extra 'Troll' Modifier   0  

    Total Score:   -1  
  • (Score: 1, Flamebait) by Anonymous Coward on Saturday April 25 2015, @01:33PM

    by Anonymous Coward on Saturday April 25 2015, @01:33PM (#175052)

    As noted open source theologian Eric S. Raymond stated, "given enough eyeballs, all bugs are shallow".

    The eyeballs are all saying that systemd is a bug. That is, not only does it suffer from bugs, but its very existence is a bug.

    Yet now that the bug has been identified, why is it not being fixed? Why is this bug not "shallow"?

    The eyeballs have seen. The eyeballs have spoken. But the eyeballs are then ignored.

    And this is why Linux is dying. Its reputation has been tainted by systemd, and it has become synonymous with a lack of quality.

    OS X may have bugs. It may have security flaws. But the eyeballs don't see them as severe bugs, when Linux presents bugs that make all problems with OS X look completely minor by comparison.

    • (Score: 1, Insightful) by Anonymous Coward on Saturday April 25 2015, @02:53PM

      by Anonymous Coward on Saturday April 25 2015, @02:53PM (#175067)

      As noted open source theologian Eric S. Raymond stated, "given enough eyeballs, all bugs are shallow".

      As noted by many open source contributors, "given enough power, all devs are corrupted".