Mac’s malware protection still needs patching



We all know Macs are much safer than Windows PCs at keeping out malware, right?

Researcher Patrick Wardle has spent months testing that assumption by poking holes in Apple's current protection scheme, Gatekeeper.

In fact, he got past Apple's latest patch to that security system in, by his own account, five minutes.

Gatekeeper is supposed to stop malicious apps from running on your Mac, but it is not as secure as it should be, and 2015 was a banner year for Mac malware. Perhaps it's just a side effect of the platform's popularity, but Macs are being targeted more now than ever before.

Gatekeeper checks any app you download (anything carrying the quarantine attribute a browser attaches to it) to make sure it is digitally signed either by Apple or with a Developer ID certificate that Apple issued to a third-party developer (you can change this policy in System Preferences at any time). If Gatekeeper doesn't find a valid signature, it refuses to let you launch the app.

The problem, according to Wardle, is that Gatekeeper only verifies the signature of the app you double-click, not every binary that app goes on to load or launch. A legitimately signed app that runs an unsigned helper can therefore be repackaged, say in a disk image, with a malicious helper sitting alongside it, and the Mac will run that code. He even showed that an attacker who controls a network like the one at your favorite coffee shop could swap in such a package while a legitimate app is being downloaded over an unencrypted connection. Yikes.

Apple released a patch for that specific vulnerability, but Wardle now says it’s relatively trivial to get past.

“[The] patch they released was incredibly weak,” Wardle told Motherboard. “It literally took me five minutes to completely bypass.”

Apple is working with Wardle and should release another patch soon. In the meantime, you can protect yourself by only downloading apps via the Mac App Store (since Apple has more complete control over what goes into the binaries there). If you have to download software from somewhere else, do it over an encrypted (HTTPS) connection and, where the publisher provides one, check the download against the published hash or signature before opening it.

He's also released a free tool called Ostiarius that does what Gatekeeper should: rather than checking only the app's main binary, it also watches the processes the app starts, blocking unsigned binaries downloaded from the internet as well as unsigned apps.
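To make the gap concrete, here is an added example (my own code, not Wardle's tool, Ostiarius, or anything from Apple) that does the two checks the article recommends: it verifies a download against a hash obtained out of band, and it audits a bundle the way Gatekeeper does not, by locating every Mach-O executable inside and beside the app and asking macOS's `codesign` about each one rather than only the main binary. The fake "Legit.app" layout, the stub Mach-O headers and the file names are constructed for the demonstration; on a non-macOS host the signature check reports `None` because `codesign` is absent.

```python
"""Audit a downloaded app the way Gatekeeper does not: check the
download against a pinned hash, then find every Mach-O binary in or
beside the bundle and check each signature, not just the main one."""
import hashlib
import hmac
import os
import shutil
import subprocess
import tempfile

# Mach-O magic numbers: thin 32/64-bit and fat (universal), both byte orders.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC / FAT_CIGAM
}


def is_mach_o(path):
    """True if the file starts with a Mach-O magic number."""
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGICS
    except OSError:
        return False


def find_mach_o(root):
    """Every Mach-O file under root, as sorted paths relative to root.
    A signed app can still load or spawn an unsigned binary that sits
    next to it; Gatekeeper's single-binary check never looks at those."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_mach_o(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_sha256):
    """Compare a download with a hash fetched over an authenticated channel
    (the vendor's HTTPS page), never from the same unencrypted download."""
    return hmac.compare_digest(sha256_file(path), expected_sha256.lower())


def signature_ok(path):
    """Ask macOS codesign whether one binary carries a valid signature.
    Returns None when codesign is unavailable (non-macOS host)."""
    if shutil.which("codesign") is None:
        return None
    rc = subprocess.run(["codesign", "--verify", "--strict", path],
                        capture_output=True).returncode
    return rc == 0


def audit_bundle(root):
    """Map each Mach-O under root to its signature status (True/False/None)."""
    return {rel: signature_ok(os.path.join(root, rel)) for rel in find_mach_o(root)}


def make_sample_bundle():
    """Constructed sample, not a real app: a fake Legit.app whose main
    binary is a 64-bit Mach-O header stub, an unsigned fat-binary stub
    placed beside the .app (the layout the bypass relies on), and a text
    resource that must be ignored. Returns the temporary root directory."""
    root = tempfile.mkdtemp(prefix="gk_audit_")
    macos_dir = os.path.join(root, "Legit.app", "Contents", "MacOS")
    res_dir = os.path.join(root, "Legit.app", "Contents", "Resources")
    os.makedirs(macos_dir)
    os.makedirs(res_dir)
    with open(os.path.join(macos_dir, "Legit"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\0" * 28)   # MH_CIGAM_64 stub
    with open(os.path.join(root, "helper"), "wb") as f:
        f.write(b"\xca\xfe\xba\xbe" + b"\0" * 28)   # FAT_MAGIC stub, unsigned
    with open(os.path.join(res_dir, "notes.txt"), "w") as f:
        f.write("not a binary\n")
    return root


if __name__ == "__main__":
    sample = make_sample_bundle()
    pinned = sha256_file(os.path.join(sample, "helper"))  # stands in for a vendor hash
    print("download hash matches:", verify_download(os.path.join(sample, "helper"), pinned))
    for rel, status in audit_bundle(sample).items():
        print(f"{rel}: signature {status}")
```

Run it on a real download by pointing `audit_bundle` at the mounted disk image or extracted folder, not just the `.app`, since the helper that matters may sit outside the bundle. A `False` for any file is the case Gatekeeper would have waved through; a `None` means the check could only be completed on a Mac.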

Let’s hope that Apple works with Wardle to perhaps build this tool into Gatekeeper, so we can go back to bragging about how our Macs are free of all that PC malware junk.

Source: Motherboard