OS X El Capitan, launched earlier on Wednesday, still contains serious vulnerabilities in its Gatekeeper and Keychain features, according to security researchers.
When scanning app bundles, Gatekeeper performs a single check and does not continue scanning after the bundle is actually opened, Synack researcher Patrick Wardle told Forbes. In a proof-of-concept experiment, Wardle bundled unsigned malware alongside an Apple-signed terminal app, and Gatekeeper left the malware unchecked.
Wardle refused to name the Apple-signed app, claiming that might put Mac owners at risk, but noted that it launched the second app in its own directory, and then stopped running. Though his technique opened up a terminal, he was able to render it invisible simply by renaming the correct app.
Apple was reportedly informed about the Gatekeeper flaw earlier this year, and even had it demonstrated to a security team. Wardle suggested to Forbes that Apple could fix the hole by blocking hidden files, or at least offering users a warning about them. The company could be holding back because this approach might break some legitimate apps.
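The warning about hidden files that Wardle suggests can be approximated by a user-side check, shown here as an added example that is not code from Wardle, Synack or Apple. It walks a downloaded folder or mounted disk image and reports hidden app bundles and hidden executables; the function names and the detection heuristics (dot-prefixed names, the `UF_HIDDEN` flag, Mach-O magic bytes) are assumptions of this sketch, and the sample layout is constructed.

```python
import os
import stat
import tempfile

# First four on-disk bytes of thin and fat Mach-O binaries (assumed heuristic).
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}

def is_hidden(full, root):
    """Dot-prefixed path component, or the UF_HIDDEN flag where st_flags exists."""
    parts = os.path.relpath(full, root).split(os.sep)
    flags = getattr(os.lstat(full), "st_flags", 0)
    return any(p.startswith(".") for p in parts) or bool(flags & stat.UF_HIDDEN)

def looks_executable(full):
    """Regular file with an exec bit, a Mach-O magic number, or a shebang."""
    st = os.lstat(full)
    if not stat.S_ISREG(st.st_mode):
        return False
    with open(full, "rb") as fh:
        head = fh.read(4)
    return bool(st.st_mode & 0o111) or head in MACHO_MAGICS or head[:2] == b"#!"

def find_hidden_code(root):
    """Relative paths of hidden app bundles and hidden executables under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in [d for d in dirnames if d.endswith(".app")]:
            dirnames.remove(d)  # treat a bundle as one unit; do not descend into it
            if is_hidden(os.path.join(dirpath, d), root):
                findings.append(os.path.relpath(os.path.join(dirpath, d), root))
        for f in filenames:
            full = os.path.join(dirpath, f)
            if is_hidden(full, root) and looks_executable(full):
                findings.append(os.path.relpath(full, root))
    return sorted(findings)

def build_sample_volume(root):
    """Constructed layout for the demo: one visible app plus hidden companions."""
    files = {"Installer.app/Contents/MacOS/Installer": b"\xcf\xfa\xed\xfe",
             ".helper.app/Contents/MacOS/helper": b"\xcf\xfa\xed\xfe",
             ".cache/run": b"\xcf\xfa\xed\xfe", ".DS_Store": b"\x00\x00\x00\x01Bud1"}
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:
        build_sample_volume(vol)
        for hit in find_hidden_code(vol):
            print("hidden code:", hit)
```

Hidden data files such as `.DS_Store` are not reported, which keeps the check usable on ordinary disk images; a hit is a reason to inspect the download, not proof of malware.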
The OS X Keychain vulnerability has been known to Apple since Oct. 2014, and involves "poisoning" the Keychain via an unauthorized app, in turn allowing a hacker to steal or delete sensitive data, Forbes noted. Researcher Luyi Xing, from Indiana University Bloomington, said that Apple informed his group a solution would involve a major overhaul of Keychain's infrastructure.
In the meantime, an open-source app called XGuardian can be used to protect a Mac, Xing said.
El Capitan is focused mainly on improving features like Spotlight and Safari, as well as boosting performance. Its first maintenance update, OS X 10.11.1, is already in beta, but whether it will tackle Gatekeeper or Keychain is unknown.
6 Comments
[quote name="AppleInsider" url="/t/188593/os-x-el-capitan-still-exposed-to-vulnerabilities-in-gatekeeper-keychain-researchers-say#post_2784361"] Researcher Luyi Xing, from Indiana University Bloomington, said that Apple informed his group a solution would involve a major overhaul of Keychain's infrastructure. [/quote] Ugh. LAME.
[quote name="cornchip" url="/t/188593/os-x-el-capitan-still-exposed-to-vulnerabilities-in-gatekeeper-keychain-researchers-say#post_2784380"] Ugh. LAME.[/quote] There really isn't an alternative; it's a design flaw in the entire setup.
So before Gatekeeper, how did we keep from downloading malware? The old-fashioned way, of course. Being careful with what and where you download software.
All Operating Systems are a moving target. Otherwise, what would security hacks do for a living?
[quote name="cornchip" url="/t/188593/os-x-el-capitan-still-exposed-to-vulnerabilities-in-gatekeeper-keychain-researchers-say#post_2784380"] Ugh. LAME.[/quote] Knowing some of the members, the work on rearchitecting the product has been in play for quite some time. Richard Crandall's [RIP] group works years ahead of what they ultimately add to OS X.