New Mac Exploit Easily Bypasses Gatekeeper Security, Could Allow Installation of Malicious Apps
Apple introduced Gatekeeper in 2012, creating it as a method of protection for users against malicious threats by adding various layers of security during installation of Mac apps. The feature is intended to ensure that apps users try to install on their Macs are legitimate and signed by a registered developer, minimizing the threat of malware. But now, a security researcher has discovered a simple method of bypassing Gatekeeper using a binary file already trusted by Apple to attack a user's computer (via Ars Technica).
Gatekeeper is meant solely to check the initial digital certificate when an app is downloaded on a Mac, ensuring that the program has been signed by an Apple-approved developer or at least comes from the Mac App Store itself before allowing the installation to proceed.
"If the application is valid—so it was signed by a developer ID or was (downloaded) from the Mac App Store—Gatekeeper basically says 'OK, I'm going to let this run,' and then Gatekeeper essentially exits," Patrick Wardle, director of research of security firm Synack, told Ars. "It doesn't monitor what that application is doing. If that application turns around and either loads or executes other content from the same directory... Gatekeeper does not examine those files."
Even if Gatekeeper is enhanced to its highest level of security settings, the new exploit can take advantage of a computer. Once the trusted file makes its way past the security program, it can then execute a handful of other malicious programs attached with the rest of the installation and gains the ability to install malicious software such as password-stealing programs, apps that can capture audio and video from a Mac's camera, and botnet software.
The researcher who discovered the exploit sent news of it to Apple about 60 days ago and "believes they are working on a way to fix the underlying cause or at least lessen the damage it can do to end users." Since then, an Apple spokesperson has confirmed the company is working on a patch for the issue and has asked that the identities of the specific files used in the exploit not be disclosed. Wardle plans to showcase his research on the Gatekeeper exploit at the Virus Bulletin Conference on Thursday in Prague.
Popular Stories
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the "ultra-thin" device.
Overall, the "iPhone 17 Air" is shaping up to be a mixed bag. Due to its thinness, the device is expected to have some limited specifications compared to the iPhone 17 Pro models, including only a single rear camera, only a single speaker, no SIM...
Apple today released new firmware designed for the 25W MagSafe Charger that is compatible with the iPhone 12 and later and the latest AirPods and Apple Watch models. The updated firmware is version 2A143, up from the 2A138 firmware that the accessory shipped with. In the Settings app, you'll see a different version number than the internal firmware number.
The 2024 MagSafe charger was...
iOS 18.3 is currently in beta for developers and public beta testers. So far, the upcoming iPhone software update is very minor in scope.
Below, we outline what is new in iOS 18.3 so far.
The only potential new feature coming to iPhones with iOS 18.3 so far is robot vacuum support in the Home app, but this functionality is not yet live. Apple is laying the groundwork for the feature,...
Apple today adjusted estimated trade-in values for select iPhone, iPad, Mac, and Apple Watch models in the U.S., according to its website.
Some values increased, while others decreased. The changes were not too significant, with most values rising or dropping by $5 to $50.
We have outlined some examples below:
Device
New Value
Old Value
iPhone 15 Pro Max
Up to $630
U ...
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices.
iPhone 17 Pro concept based on rumors
Below, we recap key changes rumored for the iPhone 17 Pro models as of January 2025:
More aluminum: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models ...
Ahead of the season two premiere of hit TV show Severance, Apple is marketing the show with a fun Severance pop-up at the Grand Central Terminal in New York City.
Apple has assembled a glass cube with workstations that are identical to the setups that Lumon employees use on the show, complete with employees "working," doing yoga, playing catch, throwing paper airplanes, sipping coffee, and...
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for.
Apart from their audio and noise-canceling performance, which are generally regarded as...
Apple provided the third beta of iOS 18.3 to developers today, and while the betas have so far been light on new features, the third beta makes some major changes to Notification Summaries and also tweaks a few other features.
Notification Summary Changes
Apple made multiple changes to Notification Summaries in response to complaints about inaccurate summaries of news headlines.
For...
There is a good chance that Apple's first product announcement of 2025 will be updated 13-inch and 15-inch MacBook Air models with the M4 chip.
Last month, Apple released macOS Sequoia 15.2, and in doing so it accidentally confirmed new MacBook Air models are coming this year (unsurprisingly).
Bloomberg's Mark Gurman said the new MacBook Air models will be announced "earlier" than some...