Researcher Pokes Holes in Apple's Whack-a-Mole Approach for Fixing Gatekeeper

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459


Quote: "In September, Ars reported a drop-dead simple exploit that completely bypassed an OS X security feature known as Gatekeeper. Apple shipped a fix, but now the security researcher who discovered the original vulnerability said he found an equally obvious work-around. Patrick Wardle said the security fix consisted of blacklisting a small number of known files he privately reported to Apple that could be repackaged to install malicious software on Macs, even when Gatekeeper is set to its most restrictive setting. Wardle was able to revive his attack with little effort by finding a new Apple-trusted file that hadn't been blocked by the Apple update. In other words, it was precisely the same attack as before, except it used a new, previously unblocked Apple-trusted file. Notably, that file was offered by security company Kaspersky Lab. Late on Thursday, Apple released an update blocking that file, too. "It literally took me five minutes to fully bypass it," Wardle, who is director of research of security firm Synack, told Ars, referring to the updated Gatekeeper. "So yes, it means that the immediate issue is mitigated and cannot be abused anymore. However the core issue is not fixed so if anybody finds another app that can be abused we are back to square one (full Gatekeeper bypass).""
 
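The quoted article makes the point that Apple's fix blacklisted individual trusted files rather than changing what Gatekeeper actually checks: the signed application passes the assessment, while other executables shipped next to it on the disk image are not part of that verdict. The following Python script is an added example, not code from Ars, Wardle, Apple or MalwareTips, showing how a defender can audit an unpacked disk image for Mach-O executables that live outside an app bundle's signed main-executable directory. It assumes a simplified rule (anything not under `<name>.app/Contents/MacOS` counts as "loose") and builds a constructed sample folder with a fake bundle and a fake loose binary; on a real Mac you would additionally run `codesign --verify --deep --strict` on each bundle it reports.

```python
import tempfile
from pathlib import Path

# Mach-O / fat-binary magic numbers as they appear on disk
# (values from <mach-o/loader.h> and <mach-o/fat.h>).
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce",  # MH_MAGIC     (32-bit)
    b"\xce\xfa\xed\xfe",  # MH_CIGAM     (32-bit, byte-swapped)
    b"\xfe\xed\xfa\xcf",  # MH_MAGIC_64
    b"\xcf\xfa\xed\xfe",  # MH_CIGAM_64  (byte-swapped, the usual on-disk form)
    b"\xca\xfe\xba\xbe",  # FAT_MAGIC    (universal binary)
    b"\xbe\xba\xfe\xca",  # FAT_CIGAM
}


def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGICS
    except OSError:
        return False


def in_signed_main_dir(path):
    """True if path sits directly in <something>.app/Contents/MacOS (simplified rule)."""
    macos_dir = path.parent
    return (
        macos_dir.name == "MacOS"
        and macos_dir.parent.name == "Contents"
        and macos_dir.parent.parent.suffix == ".app"
    )


def audit_distribution(root):
    """Walk an unpacked disk image folder and classify every Mach-O file.

    Returns {"in_app": [...], "loose": [...]} with paths relative to root.
    'loose' is the set a reviewer should look at: binaries that a trusted,
    signed app might load but that Gatekeeper's verdict on the app does not cover.
    """
    root = Path(root)
    report = {"in_app": [], "loose": []}
    for p in root.rglob("*"):
        if not (p.is_file() and is_macho(p)):
            continue
        key = "in_app" if in_signed_main_dir(p) else "loose"
        report[key].append(str(p.relative_to(root)))
    for key in report:
        report[key].sort()
    return report


def build_sample_distribution():
    """Constructed sample (not a real artifact): one app bundle plus a loose binary beside it."""
    root = Path(tempfile.mkdtemp(prefix="dmg_sample_"))
    files = {
        # fake 64-bit Mach-O header for the bundle's main executable
        "Trusted.app/Contents/MacOS/Trusted": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
        "Trusted.app/Contents/Info.plist": b'<?xml version="1.0"?><plist/>',
        "Trusted.app/Contents/Resources/icon.icns": b"icns",
        # fake universal binary sitting next to the app, outside the signed bundle
        "payload": b"\xca\xfe\xba\xbe" + b"\x00" * 28,
        "README.txt": b"constructed sample",
    }
    for rel, data in files.items():
        dest = root / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)
    return root


if __name__ == "__main__":
    sample = build_sample_distribution()
    result = audit_distribution(sample)
    print("Mach-O under a bundle's MacOS dir:", result["in_app"])
    print("Loose Mach-O to review:          ", result["loose"])
```

Run it on a mounted image with `python3 audit.py` after pointing `audit_distribution` at the mount point; anything listed under `loose` is content the Gatekeeper assessment of the app did not vouch for, which is exactly the gap the article describes.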

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
The unfortunate thing for Apple users' security is the fact that most of them accepted this "Mac malware immunity" notion without question (devious marketing on behalf of Apple, taking advantage of the trust of their user base), hence the infamous "Macs have no need for AV protection".

I never supported the claim that Mac users are "naive" or "unquestioning fanboys", as some would accuse them; however, it would be nice if they would also take a step back from the rather stereotypical notion of absurd security in Apple's OS and generally be more skeptical towards Apple's marketing tactics and security claims.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
On top of that, a wise user who wants to install an AV cannot find one, or has huge difficulties finding one.
If you google Apple iOS AV and check famous/serious pages, you mostly get results that state you don't need any.
I looked for one for my wife, who just bought a 6s; until now I haven't found a real AV with real-time scanning.
Any suggestions?
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I looked for one for my wife, who just bought a 6s; until now I haven't found a real AV with real-time scanning.
Any suggestions?
Apple doesn't allow antivirus apps for iOS (iPhone / iPad) on their App Store, but you can download an antivirus for the OS X desktop OS. Just keep iOS updated with iCloud 2FA enabled.

I have seen many Apple OS X users with an Antivirus installed.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Gatekeeper has potential as a security improvement; however, it seems to rely on a pretty much single-sided concept that leads some users to the misconception that the OS itself is 'fool-proof'.

Honestly, yes, it's a safe OS environment, but attackers and other writers discovered many flaws, plus it is an alternative to Windows and therefore considered a third-party solution.

In my view, many users use an AV because they engage more with USB attacks that are Windows-based threats, so signatures are bound to the AVs run on OS X.
 
