Filippo Cavallarin has discovered a security hole in macOS. As he states on his website, “it is possible to easily bypass Gatekeeper in order to execute untrusted code without any warning or user’s explicit permission”.
What is Gatekeeper?
Gatekeeper is a mechanism developed by Apple and included in Mac OS X since 2012 that enforces code signing and verifies downloaded applications before allowing them to run.
For example, if a user downloads an application from the internet and executes it, Gatekeeper will prevent it from running without the user's consent.
How Does the Malware Work?
If you open applications on a Mac, you should watch out for potential vulnerabilities, as malware can bypass the macOS Gatekeeper protections to run malicious code.
While the vulnerability would still require someone to open a zip file and trust the files it contains in order to work, it does seem to be a valid way of getting around the protections that Gatekeeper puts in place.
“This issue was supposed to be addressed, according to the vendor, on May 15th 2019 but Apple started dropping my emails,” says Cavallarin. “Since Apple is aware of my 90 days disclosure deadline, I make this information public.”
This is a reminder to treat all incoming files with suspicion, whatever operating system you’re running – especially if they have the ability to run code on your computer.
Filippo also published a video to illustrate the concept.
According to Filippo, there is no solution available yet.
A possible workaround is to disable automount:
- Edit /etc/auto_master as root
- Comment out the line beginning with ‘/net’
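The workaround above, scripted as an added example (this is not code from the original post or from Cavallarin): it comments out the `/net` entry in an auto_master file and checks that no active entry remains. The file path, the backup suffix and the sample map contents are assumptions; the sample map is constructed so the script runs offline, and on a real Mac you would point `disable_net_automount` at /etc/auto_master and run it as root.

```shell
#!/bin/sh
# Added example, not from the original post: disable the /net automount by
# commenting out the '/net' line of an auto_master map.

# Write a constructed sample auto_master so the example runs offline.
# $1 = path to write (the contents are an assumption, modelled on a
# typical macOS default map, not copied from any specific machine).
make_sample_auto_master() {
    cat > "$1" <<'EOF'
#
# Automounter master map
#
+auto_master        # Use directory service
/net                -hosts      -nobrowse,hidefromfinder,nosuid
/home               auto_home   -nobrowse,hidefromfinder
/Network/Servers    -fstab
/-                  -static
EOF
}

# Comment out every line that begins with '/net' followed by whitespace.
# Idempotent: lines that are already commented are left untouched.
# A backup copy ($file.bak) is written first (assumed suffix).
disable_net_automount() {
    file="$1"
    cp "$file" "$file.bak"
    # '-i.tmp' works with both BSD (macOS) and GNU sed.
    sed -i.tmp 's|^\(/net[[:space:]]\)|#\1|' "$file"
    rm -f "$file.tmp"
}

# Returns 0 (true) when no active, uncommented /net entry remains.
net_automount_disabled() {
    ! grep -q '^/net[[:space:]]' "$1"
}
```

After editing the real /etc/auto_master, the automounter has to re-read the map before the change takes effect; rebooting does this, and `sudo automount -vc` (a standard macOS command, assumed here rather than given in the post) reloads it without a reboot.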