MacOS X GateKeeper Bypass

Discussion in 'other security issues & news' started by mood, May 25, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,725
    macOS Unpatched for Executing Untrusted Code off the Network
    May 25, 2019
    https://www.bleepingcomputer.com/ne...for-executing-untrusted-code-off-the-network/
    MacOS X GateKeeper Bypass
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,148
    Location:
    The Netherlands
  3. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    889
    While there's always room for improvement, they already take security seriously:

    https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf

    It's actually quite impressive how secure they made iOS; a jailbreak for iOS 9 was worth a million dollars.
     
    Last edited by a moderator: May 25, 2019
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,148
    Location:
    The Netherlands
    Cool, but I was talking about the macOS.
     
  5. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    889
    They're improving that as well, for example with their T2 chip (though it will be harder as the platform is more open):

    https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf
     
    Last edited by a moderator: May 25, 2019
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,108
    Location:
    Lloegyr
    Last edited by a moderator: May 25, 2019
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,148
    Location:
    The Netherlands
  8. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,108
    Location:
    Lloegyr
    Most if these bugs get fixed though, and I'm not so sure they're all that 'serious'. How much experience have you had with macOS? How many infections have you contracted on macOS? Every OS can have vulnerabilities and when discovered they are usually patched. You can say the same for Android, Chrome OS and Linux.

    I certainly have no immediate plans (or otherwise) to put an AV on my iMac, laptop running Ubuntu or Chromebook.

    To say that Apple just aren't serious enough about security is risible at best and seems bordering the farcical. Even Microsoft take security seriously, especially these days.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,148
    Location:
    The Netherlands
    That's not the point. But it seems like the bugs that were discovered were quite silly, Apple should hire better developers and bug-hunters, that's all I'm saying. And even on a Mac I would personally still take security quite seriously, I don't care about that it's less targeted. You might want to check out these tools:

    https://objective-see.com/products.html
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,108
    Location:
    Lloegyr
    What isn't the point? First you state Apple aren't serious about security, then you say they are but ... now you say they should hire better developers. o_O

    I'm pretty serious about the security on my Mac, I'm also pretty serious it doesn't need free 3rd party security apps, even if I could get them past Gatekeeper, which is unlikely.

    Running Unix isn't like running Windows, it's a different mindset.
     
  11. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,140
    Location:
    "Here on Wilders"
    Waiting for GlassWire for Mac (beta) to come out so I don't have to worry about Apples Gatekeeper anymore. Running GlassWire on Win 7 and love it.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,148
    Location:
    The Netherlands
    The point is that these bugs should have been discovered by Apple themselves! Especially the ones related to the Keychain. These aren't advanced kernel exploits. And the only reason why you're not seeing a lot of successful attacks on the Mac, is because it's being targeted way less. But I'm way too paranoid, I would definitely make use of third party tools.

    Why wait for GlassWire, why not go for Little Snitch?

    https://www.obdev.at/products/littlesnitch/index.html
     
  13. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,108
    Location:
    Lloegyr
    I don't see your logic. How do you know they wouldn't have discovered them anyway?

    Apple might benefit by a bug bounty, although it seems they aren't in favour of it.

    Probably. Security by obscurity is one approach. Third party security freeware is an accident waiting to happen though. Most of it scrapes information (probably why they're free) and a good deal of it is superfluous and ineffective. And in MBAM's case mainly just finds false positives, when it isn't accidentally quarantining system drivers. I'm probably just not paranoid enough, there again, I don't run Windows.
     
  14. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,140
    Location:
    "Here on Wilders"
    I think I'll download the Free Trial of Little Snitch later this week and give it a try, Thank you ;)
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,148
    Location:
    The Netherlands
    Have you already checked it out? I wish there was something like this for Windows.
     
  16. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,140
    Location:
    "Here on Wilders"
    Not yet. I'll probably give it a try tomorrow when I have more time.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,148
    Location:
    The Netherlands
    BTW, here is another example. Even on a Mac you should take security seriously, I would definitely install "third party" behavior blocking tools. This is about a Firefox zero day exploit:

    https://objective-see.com/blog/blog_0x43.html
     
  18. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,108
    Location:
    Lloegyr
    Which third party behaviour blocking tools have you installed on your Mac?

    https://arstechnica.com/information...used-to-install-undetected-backdoors-on-macs/

    fox.jpg

    'So far, attacks are known only to target Mac users involved in cryptocurrency.' op cit

    'Wardle said he believes that Apple is in the process of updating XProtect and Gatekeeper so they scan all files, not just those with a quarantine bit. He said the change may be introduced in macOS 10.15.' op cit

    There's no guarantee third party tools would be any better defence anyway.

    I'm not going to get too super-Kevin about this.
     
    Last edited: Jun 23, 2019
  19. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    244
    Location:
    Mexico City
    :'( I need to ask @ macrumors about this issue :'(
     
  20. Secondmineboy

    Secondmineboy Registered Member

    Joined:
    Jan 1, 2016
    Posts:
    101
    Location:
    Germany
  21. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,140
    Location:
    "Here on Wilders"
    Good idea. :thumb:
     
  22. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    418
    Location:
    Dallas, TX
    I've used Little Snitch for years. It's awesome. It's better than anything I ever found for Windows.
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,725
    New Mac malware abuses recently disclosed Gatekeeper zero-day
    Researchers find new OSX/Linker malware abusing still-unpatched macOS Gatekeeper bypass
    June 25, 2019

    https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gatekeeper-zero-day/
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,148
    Location:
    The Netherlands
    I don't know if you have read the article, but this exploit could bypass GateKeeper and XProtect. But with the help of the Objective-See tools you could at least mitigate the attack.

    Yes, especially the GUI looks quite attractive.
     
  25. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,108
    Location:
    Lloegyr
    Possibly, but isn't it improbable it would even affect me?

    Screenshot 2019-06-25 at 16.40.15.png

    You know, I don't want to sound too cynical, and I'm aware of security, but a lot of these supposed exploits are being used more to promote and market antivirus programs for macOS than anything else. I've run Linux for years and I just don't have your super-Kevin Windows paranoia anymore. In over fourteen years of regularly using the Internet I've only ever contracted malware once and that was a trojan dropper/gen in 2008. It was in the SeaMonkey browser running Vista on a Russian site. The Google Translate filter spotted it after I had tried to click an annoying Cyrillic pop-up off. Neither my AV or two anti-malware programs found it. Finally, the third AM program (SUPERAntiSpyware believe it or not) found and removed it. OTOH, of the several AV's I've used over the years, only MSE and BullGuard never showed a false-positive and all of the other AV's would try to eviscerate my hard drive with a frightening and astounding regularity. MBAM has only ever removed perfectly good system drivers for no apparent reason and programs like SpyBot S&D probably couldn't even detect themselves. I'm sitting using my Mac without an AV behind a perfectly good hardware router firewall and I feel pretty safe. Unix isn't Windows.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.