A security researcher has disclosed a vulnerability that lets malware authors bypass macOS Gatekeeper and execute malicious code.

Gatekeeper is the macOS feature that checks applications downloaded from outside the Mac App Store and asks the user to confirm before they run. According to security researcher Filippo Cavallarin, as reported by TechRadar, that check can be sidestepped when an app is opened from certain locations.

Zip File Archive

The problem lies in the way macOS treats network shares (and external drives) as safe locations that Gatekeeper does not check. Because the automounter exposes remote shares under /net/ and zip archives can carry symbolic links, an archive can contain a link that points at an attacker-controlled share; opening the linked app launches code from that share without a Gatekeeper prompt. In theory, attackers can therefore run any code they want on the victim's Mac.

The catch is that a user first has to open the zip archive and then the item inside it, which Gatekeeper treats as trusted because it lives on the share. Once that happens, however, it is a working bypass of the protection Gatekeeper is meant to provide. It is another reminder to treat every incoming file with suspicion, whatever the operating system, and especially files that can execute code on the computer.
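Because the bypass depends on a zip archive carrying a symbolic link that points to a network share under the automounter path, one practical defence is to inspect archives for symlink entries before anyone double-clicks them. The script below is an added example written for this article; it is not code from Cavallarin's disclosure or from Apple. It builds a small constructed archive in memory (the hostname attacker.example and the /net/ target are illustrative), then flags any symlink whose target is an automount or external-volume path or otherwise escapes the archive.

```python
import io
import stat
import zipfile

# Path prefixes macOS treats as network shares or external volumes, which
# Gatekeeper considers safe locations. /net/ is the automounter mount point.
AUTOMOUNT_PREFIXES = ("/net/", "/Volumes/")


def is_symlink(info: zipfile.ZipInfo) -> bool:
    """Zip stores the Unix mode in the high 16 bits of external_attr."""
    mode = info.external_attr >> 16
    return stat.S_ISLNK(mode)


def scan_zip_for_symlinks(data: bytes) -> list:
    """Return one finding per symlink entry, marking suspicious targets.

    A target under an automount/external-volume prefix, an absolute target,
    or one that climbs out of the archive with '..' is flagged.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not is_symlink(info):
                continue
            # For a symlink entry the file body is the link target string.
            target = zf.read(info).decode("utf-8", errors="replace")
            reason = None
            if target.startswith(AUTOMOUNT_PREFIXES):
                reason = "points to a network share or external volume"
            elif target.startswith("/") or ".." in target.split("/"):
                reason = "points outside the archive"
            findings.append({
                "name": info.filename,
                "target": target,
                "suspicious": reason is not None,
                "reason": reason,
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: one plain file, one malicious-looking
    symlink to an automounted share, one harmless relative symlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless text\n")

        # Symlink entry: set S_IFLNK in the Unix mode bits; the body is the target.
        bad = zipfile.ZipInfo("docs/Invoice.app")
        bad.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(bad, "/net/attacker.example/share/Invoice.app")  # hypothetical host

        ok = zipfile.ZipInfo("docs/notes")
        ok.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(ok, "readme.txt")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip_for_symlinks(build_sample_zip()):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['name']} -> {f['target']} ({f['reason']})")
```

The scan only reads the central directory and the link bodies, so it never extracts anything; run it on a downloaded archive before opening it, and treat any flagged entry as a reason not to open the archive at all, since macOS's Archive Utility preserves symlinks on extraction.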

No response from Apple

Apple has not responded to his findings 90 days after Cavallarin brought them to the company's attention, and the latest macOS release, 10.14.5, still appears to be vulnerable. "According to the vendor, this problem was due to be dealt with on May 15, 2019, but Apple did nothing with my emails. Since Apple is aware of my deadline to disclose my information after 90 days, I am now disclosing it," the researcher said.

Given Apple's silence, it remains unclear when the vulnerability will be fixed. I think it does work exactly the way Cavallarin claims in his report.

Zero-day vulnerability in macOS

Last March, Google's Project Zero team published a zero-day vulnerability in macOS after Apple failed to patch it within the team's deadline. Project Zero had informed Apple of the bug in November 2018 and rated it as highly serious. The flaw lay in the copy-on-write (COW) memory-management behaviour of Apple's XNU kernel and is described in technical detail in a post on the Chromium bug tracker.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.