Gatekeeper flaw opens Apple systems to intrusion
A reported flaw in Gatekeeper may threaten Mac users who have long felt secure from cyberattacks.
Apple's Gatekeeper program verifies that downloaded apps have been vetted on the Mac App Store. If an app is detected as coming from an unknown developer, one who lacks an Apple Developer ID, the program should be blocked.
Instead, a flaw, CVE-2015-7024, may enable hackers to get in, according to Kim Komando. "Once in, they can use malware to steal your personal information, take over your Mac and demand ransom, spy on you, and more," the blog said.
The flaw was reported last year by Synack researcher Patrick Wardle and Apple issued a fix. However, the company mitigated only some of the entry points through which hackers gain entry, so hackers can still get in, the blog reported. "It's vulnerable if you're not using the secure HTTPs protocol, or you're not accessing the app from the Mac App Store," says Kim Komando.Apple is said to be working with experts to fix the flaw.