Malware, Patch/Configuration Management, Vulnerability Management

Gatekeeper flaw opens Apple systems to intrusion

Apple's Gatekeeper program verifies that downloaded apps have been vetted on the Mac App Store. If an app is detected as coming from an unknown developer, one who lacks an Apple Developer ID, the program should be blocked.

Instead, a flaw, CVE-2015-7024, may enable hackers to get in, according to Kim Komando. "Once in, they can use malware to steal your personal information, take over your Mac and demand ransom, spy on you, and more," the blog said.

The flaw was reported last year by Synack researcher Patrick Wardle and Apple issued a fix. However, the company mitigated only some of the entry points through which hackers gain entry, so hackers can still get in, the blog reported. "It's vulnerable if you're not using the secure HTTPs protocol, or you're not accessing the app from the Mac App Store," says Kim Komando.

Apple is said to be working with experts to fix the flaw.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.