Drop-dead simple exploit completely bypasses Mac’s malware Gatekeeper

[jos]

Since its introduction in 2012, an OS X feature known as Gatekeeper has gone a long way to protecting the Macs of security novices and experts alike. Not only does it help neutralize social engineering attacks that trick less experienced users into installing trojans, code-signing requirements ensure even seasoned users that an installer app hasn't been maliciously modified as it was downloaded over an unencrypted connection.

 

Now, a security researcher has found a drop-dead simple technique that completely bypasses Gatekeeper, even when the protection is set to its strictest setting. The hack uses a binary file already trusted by Apple to pass through Gatekeeper. Once the Apple-trusted file is on the other side, it executes one or more malicious files that are included in the same folder. The bundled files can install a variety of nefarious programs, including password loggers, apps that capture audio and video, and botnet software.

 

A Trojan that will attack anti-Trojan software of the mac is just funny.. and it looks like a simple implementation... some one might attack before the patch is released..

 

Source: http://arstechnica.com/security/2015/09/drop-dead-simple-exploit-completely-bypasses-macs-malware-gatekeeper/

[don_svetlio]

But Macs can't get viruses

[Guest]

"Macs dont get viruses"

[UltraNeonGaming]

But Macs can't get viruses

"Macs dont get viruses"

Same can be said for every other OS if you use Common Sense 24/7 Protection Premium Edition 2015

[Shakaza]

On the one hand, I want to laugh at the Apple fanboys I knew at my school who thought that Apple devices are perfect and are objectively better than anything else, but on the other hand, I think it's unfortunate that such a simple flaw in a security system has been revealed(it's good that it will be fixed shortly, but still bad that it exists in the first place).

[ShadowCaptain]

I am amazed this has not already been exploited

I guess macs are just not targeted as much

[Prysin]

Same can be said for every other OS if you use Common Sense 24/7 Protection Premium Edition 2015

the only hardware that is virus proof is a good 'ol sledgehammer.

[DarrenP]

It's actually not that Mac's can't get virus' it's more that Virus' are more commonly written for Windows because if you're going to exploit someone or you're going to trying and get information, why go for the second least used platform. Mac's can get virus' they are just less common. 

[Shakaza]

It's actually not that Mac's can't get virus' it's more that Virus' are more commonly written for Windows because if you're going to exploit someone or you're going to trying and get information, why go for the second least used platform. Mac's can get virus' they are just less common. 

Yes, we know, but we're complaining about the fanboys who don't say that Macs get viruses less commonly than Windows machines, but say they don't get viruses altogether. They go around acting all superior because they bought a Mac, and tell everyone how they're objectively better than everything else and how, regardless of what you're using it for, you should get a Mac. You want to do 3D modelling in a laptop? Don't get that $1000 laptop with a quad-core Intel i7 and a dedicated graphics card, get a $1000 Macbook Air or whatever with 4 GB of RAM, a dual-core i5, and integrated graphics. That type of person really gets on my nerves.

[ChineseChef]

I am amazed this has not already been exploited I guess macs are just not targeted as much

 

I must say, this ^^ always amazes me.  Whenever we do find out about a Mac exploit, its always a relatively easy exploit that gives supreme control of the system.  Yet we never really hear about anyone actually using them.  I think I have only heard of 2 or 3 big issues in the last decade.  With the way Mac security crumbles near instantly at all the hacker contests, I would have expected more news or problems.  I guess the Mac group really is such a small target it isn't worth it, or there is some other factor about Mac users that makes them lesser targets?  I think it has to simply be a numbers issue.

[ShadowCaptain]

SNIP

 

less users, most macs are used by creative types with photos and stuff

 

Banks and big companies use windows so you can capture more stuff/hack more things etc

 

Plus OSX is sandboxed so even though you might get into the mac and infect one program it might not actually do much, plus some mac users will run AV making it even less effective

 

 

Probably just not worth the effort when windows is easier to target and more likely to work and pay off

[dom1310df]

less users, most macs are used by creative types with photos and stuff

 

Banks and big companies use windows so you can capture more stuff/hack more things etc

 

Plus OSX is sandboxed so even though you might get into the mac and infect one program it might not actually do much, plus some mac users will run AV making it even less effective

 

 

Probably just not worth the effort when windows is easier to target and more likely to work and pay off

And most banks and big companies still use XP, so not much effort needed.

[ShadowCaptain]

And most banks and big companies still use XP, so not much effort needed.

 

Just email them