Despite an OS X El Capitan patch, Apple's Gatekeeper vulnerability persists.
Security woes continue to plague the Apple Gatekeeper system, and cybersecurity researcher Patrick Wardle has once again illustrated how hackers could exploit the program. Last September, Wardle raised his concerns and demonstrated that Gatekeeper, which was originally engineered to protect users from malicious programs, could be bypassed. Apple added Gatekeeper to its systems in 2012, but according to Wardle, it can be circumvented in its present state and does not necessarily protect users. An insecure download of a legitimate program (downloaded from outside the Mac Store) is at risk of being targeted by hackers, and can pass malware onto a user's computer.
After Wardle revealed the security flaw, Apple quickly patched its systems. However, Wardle states that the fix is far from effective. "I can reverse engineer this [security patch] in five minutes," he explained to Engadget in an interview. Rather than addressing the primary flaw that allows for the exploitation of Gatekeeper, Apple patched some methods of taking advantage of this security flaw (including those specific methods demonstrated by Wardle in September). However, it does not patch the flaw itself, leaving Gatekeeper still vulnerable to attack by malicious DMG files. Until Apple truly resolves the flaw, users are urged to download apps only from HTTPS sources or from the Mac Store.
Photo: © iStock.