News Categories

Warning: OS X El Capitan is still vulnerable to Gatekeeper and Keychain weaknesses

By Kenny Yeo - on 1 Oct 2015, 10:46am

Warning: OS X El Capitan is still vulnerable to Gatekeeper and Keychain weaknesses

Image source: AppleInsider

Earlier this year, it was revealed that there was a serious vulnerability in the way Apple's Gatekeeper work.

Gatekeeper is a security feature that was introduced in 2012 with OS X Mountain Lion. The idea of Gatekeeper was to prevent users from running potentially dangerous apps. By default, it would only run apps from the Mac App Store and also identified developers with an official Apple ID certificate.

Using this, security researcher Patrick Wardle was able to bundle a legitimate Apple-signed app along with a hidden unsigned file in the same directory. Gatekeeper only checks the parent app and allow the bundled hidden unsigned app in.

Wardle has confirmed that this vulnerability exists in OS X 10.10 Yosemite and also the recent beta of El Capitan OS X 10.11.

OS X also has a Keychain vulnerability that has been known to exist since October last year. Keychain itself can be "poisoned" using an authorized app, thereby allowing the hacker to steal or delete sensitive data stored within the Keychain - most likely passwords. 

According to Xing Luyi, a security researcher from Indiana University Bloomington, Apple has been made aware of this problem, but that fixing it would require a significant overhaul of Keychain's architecture.

That said, OS X El Capitan does have additional security features such as System Integrity Protection that limits the changes that can be made to the Mac’s operating system, which helps to protect the OS from malware attacks and is certainly helpful.

If you need any more reasons to update, check out our El Capitan feature article here.

Source: AppleInsider

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.