Apple has a major vulnerability malicious program can be easily installed

This article comes from Pacific Internet

Three months after giving feedback to Apple, a security expert disclosed in detail how to bypass the Gatekeeper to trick users into running potentially malicious programs. Security consultant Filippo Cavallarin said that design flaws in the macOS system can make it easy for hackers to bypass Gatekeeper. He reported this vulnerability to Apple on February 22, 2019, and now decides to disclose it publicly.

Cavallarin said on his personal blog: "According to the supplier, this issue was resolved on May 15, 2019. However, Apple did not accept my email at the beginning. In the feedback to Apple's 90-day disclosure deadline After that, I made this information public."

Gatekeeper is not designed to prevent this vulnerability at all, but to ensure that only trusted software can run on a Mac. Apple will review each app in the App Store, accept it after the review, and add a signature to ensure that the app has not been tampered with or altered. If there is a problem with an app, Apple will quickly get rid of it from the store.

But it's worth noting that Gatekeeper itself is not responsible for checking the behavior of the app. According to Cavallarin, "Gatekeeper treats external disks and network shares as secure locations according to design specifications, and it allows all applications under those disks to run." So when the user downloads and makes a choice to launch the application, the next time it opens Gatekeeper will not continue to check it.

Cavallarin continues: "Zip files can contain symbolic links to arbitrary locations (including automount endpoints), and software responsible for decompressing zip files on macOS does not perform any checks on symbolic links before creating symbolic links." He goes on to explain Say, users can "easily" spoof the installation of a network shared drive, and then anything in that folder can pass through Gatekeeper.

At present, Apple officials have not responded to this vulnerability.