How malware developers could bypass Mac’s Gatekeeper without really trying http://arstechnica.com/security/201...bypass-macs-gatekeeper-without-really-trying/
This is huge news for me, I didn't know it was so easy. From what I see, Gatekeeper works in a similar way to UAC: once UAC pops and the user allows the program to elevate privileges, it can run other programs with elevated privileges without UAC popping again. This can be reproduced by downloading MSI Afterburner. Upon executing it, UAC will pop (if it's set to do so). Then this installer will execute RivaTuner's installer, but since the first installer already got clearance, the second installer won't need it. In this case, however, the second installer is in the same .exe as the first installer (IIRC), but I assume the same behavior could be seen if the second installer was outside the first .exe.
I don't use Mac but I guess that it could be compared. From the article it seems that trusted files are used in these attacks. I don't know if the user is presented with a popup for those files. Maybe Apple auto-allows those files?
I don't use Mac either. My comparison was about how the first executable has to get clearance, but the second one doesn't.