Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Software Apple

Apple's Gatekeeper Still Broken (csoonline.com) 80

itwbennett writes: This weekend, Apple security expert Patrick Wardle will detail a vulnerability in Apple's Gatekeeper that makes it possible to bypass the anti-malware defense. This is the same vulnerability that was disclosed last April, which Apple said it patched later. Wardle was able to easily bypass Apple's fixes. He says "all Apple did was blacklist the signed apps he was abusing, but didn't fix the underlying issue, which is that, essentially, Gatekeeper functions as a guard that doesn't check" software already on the whitelist.
This discussion has been archived. No new comments can be posted.

Apple's Gatekeeper Still Broken

Comments Filter:
  • Doesn't matter. (Score:4, Insightful)

    by Anonymous Coward on Friday January 15, 2016 @01:14PM (#51308747)
    People will still flock to Apple and buy the shit out of it. And Apple knows it.
    • by cant_get_a_good_nick ( 172131 ) on Friday January 15, 2016 @01:53PM (#51309149)

      I really never understood the anger of someone mad that someone else bought, well any item.

      "you're such a _____ fanboi and you buy _____ and you suck (____'s CEO)'s dick!"

      Who the hell cares. You buy what you want to buy, If you don't have a mac this doesn't affect you in the least. At least the Linux fanboi's could bitch at MS worms taking enough bandwidth to hurt Internet speeds. Apple Mac market share is small enough (through growing) to not hurt anyone not owning a Mac. This really isn't a true new worm. Anyone getting you to install a new app that partially passes gatekeeper can probably get you to install it and override gatekeeper. It's not that big of a leap.

      I honestly feel bad at anyone angry at Apple selling too many computers. Do you need a cookie? Want to talk about it? Did your parents love you enough as a child?

      • Re:Doesn't matter. (Score:5, Insightful)

        by The-Ixian ( 168184 ) on Friday January 15, 2016 @01:58PM (#51309203)

        Yeah no kidding.

        I don't personally like Apple the company. I just think they are too much about marketing hype. I was also not a fan of Steve Jobs personally.

        But I still will recommend a Mac to someone when appropriate.

        Computers and operating systems are tools not ideologies. Use the best tool for the job.

        I won't be buying Apple products any time soon, but that is because there are tools out there that work better for me.

      • by Anonymous Coward

        But what else are people of a technical persuasion with no lives supposed to while away the hours of the day on? How will they maintain that false sense of superiority? That big bright thing in the sky burns, don't you know?!

        Like another responder, I hate Apple the company with a burning passion of a thousand suns for actual wrongs done to me by middle and senior management level Apple employees. That said, I won't deny that, at least once upon a time, they built some great hardware and software. I think th

        • Re:Doesn't matter. (Score:4, Interesting)

          by The-Ixian ( 168184 ) on Friday January 15, 2016 @03:34PM (#51310039)

          Well said.

          I don't think of Apple today as the same company they once were.

          My first computer was an Apple II+ on which I spent countless hours wring BASIC programs. I monopolized its use so much that it eventually just ended up in my room. I would write basic by hand during boring church and couldn't wait to get home and type it in.

          I loved that computer....

          But Apple has always been expensive and it was much easier for me to buy PC components over time and slowly assemble a computer with my lawn mowing money. I have never really looked back.

          Over the years I have looked at Apple products with envy at times. I think Mac has always been a good computer. It was just that by the time I could afford one, I was already well down the PC path. In addition to that, at the time, not much software worked with Mac and so it felt like it would be a step backwards.

          That said, whenever I have the opportunity, I will use a Mac in order to be able to provide basic support.

          I have a work issued iPad which I use for testing and playing some games. I like it ok, but it almost seems quaint compared to an Android table or a Microsoft Surface.

      • The reason I'm very anti-Apple is particularly our younger professors decide that they need to have apple computers, phones, and tablets to be hip. So they get them, against recommendations. Now never mind that these cost a lot more money than they'd spend on equivalent hardware but then the support issues start. Turns out that Mac don't just magically work, and they have problems with things (accessing the central storage is something Macs have been particularly problematic with) and they whine to us despi

  • Patrick: You fight with the strength of many men, Sir knight.
    I am Patrick, King of the security experts.
    [pause]
    I seek the finest and the bravest knights in the land to join me in my Court of Camelot.
    [pause]
    You have proved yourself worthy; will you join me?
    [pause]
    You make me sad. So be it. Come, Patsy.
    Gatekeeper: None shall pass.
    Patrick: What?
    Gatekeeper: None shall pass.
    Patrick: I have no quarrel with you, good Sir knight, but I must cross this bridge.
    Gatekeeper: Then you shall die.
    Patrick: I command you as

  • I've got the impression that security of MacOS relies strongly on the low market share and supposed lack of interest of the potential crackers. Am I too wrong?
    • by Anonymous Coward

      No, you're right. But the other thing is that Gatekeeper isn't intended to keep OS X secure. It's intended to make running non-Apple code annoying and nothing more.

      Keep in mind that in the Apple security model, you're not trying to protect the user from harmful code, you're trying to protect the computer from the user. The whole system is designed around preventing the user from doing things outside Apple's walled garden, not from preventing software from doing things it shouldn't be doing. As long as the a

      • No, you're right. But the other thing is that Gatekeeper isn't intended to keep OS X secure. It's intended to make running non-Apple code annoying and nothing more.

        To do that, it would have to be combined with making getting software from the Mac App Store, most of which is "non-Apple code", annoying. Presumably, then, you're saying that getting software from the Mac App Store is annoying.

        Or perhaps you meant "it's intended to make non-Apple-approved code annoying", where "Apple-approved" means "approved by Apple to go into the Mac App Store". Whether that's the intent, yes, that's definitely a side-effect.

        (I run non-App Store code quite a bit; for code installed

  • Apple is new to reacting effectively to security. Microsoft gets beat up about security, but they have learned to attempt to react better. May not be perfect.

    I know so many Apple people that think Apple immune security issues. I seriously wonder if we will see a day when Apple is is hit with the same type of security questions that have plagued Microsoft over the years.

    • To be honest, Apple is arguably better at this point than Microsoft was at a similar point in it's lifecycle, from a tech standpoint. Rootless MacOSX is a thing. Gatekeeper, though major holes, is a thing. It's just that back then, the Internet was not as much of a source of riches. There's never been a Slammer work for MacOSX. Nor a "I love you" virus.

      You know who else had really bad security reputation? Redhat was horrible in the beginning. You know what famous developer doesn't pay enough attenti

      • Been a while, but wasn't Slammer actually a SQL Server worm, and I love you was an email-based Trojan?

        You're absolutely correct, however, in pointing out that in the age-old contest between warhead and armour, warhead wins.

      • To be honest, Apple is arguably better at this point than Microsoft was at a similar point in it's lifecycle, from a tech standpoint. Rootless MacOSX is a thing. Gatekeeper, though major holes, is a thing.

        Same point in the lifecycle? Apple has been around, as a company in the OS business, as long/longer than MS. And things like rootless OSX are expectations, because people learn from other people;s experience.

        I get that rewriting means there are needed patches. But when Apple wrote OSX, security was a re

    • Probably not.

      The biggest issue right now as far as most people are concerned is javascript that hijacks a browser and tricks people into thinking their computer is completely locked up and that they need to call some tech support number to get it fixed. I recently had a relation call me about this because they didn't want to pay the $400 to get it fixed, which is what the website says they need to do.

      All you need to do is just force quit the browser to fix the problem, but most people are too computer
      • There are easier ways to make money from single targets that don't require security holes, and there are fatter targets that are more worthwhile to attack if you do find a security hole like that.

        One thing that is missing from this equation is bot nets.

        It certainly does benefit hackers to take over grandma's system if for no other purpose than to recruit it into the ranks of bitcoin mining, spam sending, ddos attacking, malware distributing, etc.

        I guarantee you that if Apple was the dominant computing platform, it would have just as many issues as other platforms.

      • by dgatwood ( 11270 )

        The biggest issue right now as far as most people are concerned is javascript that hijacks a browser and tricks people into thinking their computer is completely locked up and that they need to call some tech support number to get it fixed. I recently had a relation call me about this because they didn't want to pay the $400 to get it fixed, which is what the website says they need to do.

        Agreed. I've gotten similar calls. And the problem is so simple that I can't believe Apple hasn't fixed it already (unl

      • by pr0fessor ( 1940368 ) on Friday January 15, 2016 @03:05PM (#51309781)

        I got a call at work the other day that I thought I recognized the number I was in a good mood and thought about answering "IT, have you tried turn it off and on again?" but settled for "Technical support, I'll be your password reset technician today."

        Turns out it was a scammer claiming to be from MS... so after he said his intro I said "Yes, you've reach technical support. Do you need me to reset your password?" then he stammered and and tried to explain about how my computer was having issues and I said "Ok, I have reset your password but it will take about 15 minutes for the changes to go through. If you have any other issues go ahead and call back."

    • by LichtSpektren ( 4201985 ) on Friday January 15, 2016 @02:21PM (#51309393)

      Apple is new to reacting effectively to security. Microsoft gets beat up about security, but they have learned to attempt to react better. May not be perfect.

      I know so many Apple people that think Apple immune security issues. I seriously wonder if we will see a day when Apple is is hit with the same type of security questions that have plagued Microsoft over the years.

      Windows spent almost two decades with admin privileges by default 24/7, no mandatory-access control, installations that could occur silently and without user input, core system updates through the web browser, whilst also being the only real desktop PC operating system (i.e. it was the most lucrative target for malware authors). It's actually sort of miraculous that the security ecosystem wasn't in even worse shape than it was.

      By contrast, OS X's origins in unix give it a fairly safe grounding. The keyring and SIP in El Capitan also seem to be quite robust. And Apple users are more trusting of automatic security updates compared to Windows users (Microsoft poisoned that well when they started pushing shitty drivers and malware through their updates).

  • GK: We don't need to do anything apart from just stop him entering the room.
    OSX: No, no, leaving the room.
    GK: Leaving the room, yes.
    OSX: Alright?
    GK: Right. Oh if if if uh if if uh if uh if we oh... if oh.
    OSX: Look it's quite simple. You just stay here, and make sure he doesn't leave the room, alright?
    GK: Oh I remember, uh can he leave the room with us.
    OSX: No No No No. You just keep him in here and make sure h...
    GK: Oh yes, we'll keep him in here, obviously. But if he had to leave, and we went with
  • Working As Intended (Score:5, Informative)

    by BitZtream ( 692029 ) on Friday January 15, 2016 @03:04PM (#51309773)

    Its working exactly as its supposed to. Its not meant to stop everything, its just a whitelisting system with some authentication built it.

    Blacklisting the offending apps is exactly how this type of system works.

    Anything signed by a valid cert which has been signed by Apple's cert is trusted by default. Thats what having an Apple signature on top of the publisher signature means. This also means the applications are 'tamper proof' in theory, because changing the application invalidates the sig and the code no longer is whitelisted, so no virus will work.

    The system then keeps a CRL, Certificate Revocation List. This list is ... blacklisted fingerprints. That is, certs or specific apps that were not known to be compromised or malicious when Apple originally vetted them, but something became known to be compromised after that process. The CRL list means Apple can effectively change its mind about apps that it previously approved.

    This is all it is intended to do, and that alone mitigates a metric fuckton of exploit cases.

    Doesn't prevent apps that don't get caught in review. But you won't get more than one or two malicious apps past them before you're completely cut off from getting certs ever again. Vendors outside the AppStore will have their certs revoked when exposed in the wild.

    At no point was it intended to prevent every single exploit vector ever. You're pretty ignorant of how this stuff works if you think they ever said it was the cure all to security issues.

    All it does is adds a layer of control to who can run arbitrary code on your system, and by default, allows Apple to give people permission to do so. You can also use your own certs and remove the AppStore cert, effectively making it so only apps signed with your cert will run on the machine ... or in the case of some companies, the company's cert is the only thing that runs on the machine.

    itwbennet == bennet haselton / dumb

    • Indeed, the first thing I thought when reading this was, "What underlying issue? Blacklisting him is exactly how it's supposed to work."

      Apps from trusted sources are supposed to be able to do pretty much anything they want until they prove they're not to be trusted. That's by design. And, inevitably, some developers will abuse that trust, which is why the design includes a means for the revocation of trust. Which is exactly what happened here.

      Yes, he's shown that trusted devs can include external code that'

  • I'm actually impressed that Apple named anything with "Gate" in it

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...