Everyone knows how much attention Apple pays to the security of its operating system. But even a company of that scale cannot always catch every critical error and exploitable vulnerability. One such problem was discovered by security researcher Filippo Cavallarin. According to him, a bug in Gatekeeper puts users' security at risk.
First, a reminder of what Gatekeeper's protection mechanism is. All apps downloaded from outside the Mac App Store are checked when they are launched. None of them can run without your knowledge, because Apple requires application code to be signed in a specific way.
The researcher found that this rule applies only to internal storage. Any app located on an external drive can be launched without proper authorization. For some unknown reason, Gatekeeper treats mounted drives and network locations as "safe" and does not perform the code check.
The researcher demonstrated the problem in a video.
Experts consider the vulnerability critical and believe attackers can use it as follows:
- First, the attacker sets up an infected network location. The attacker then creates a zip archive containing a symbolic link that points to that network resource.
- Once the user downloads and unzips the archive and then opens the symbolic link, they are exposed. Any executable can be launched without warning, including malicious software.
The researcher says he reported the vulnerability on 22 February. However, the flaw is still present in the system, including the current macOS build, 10.14.5.