Wednesday, January 20, 2016

Apple Gatekeeper still lets malware in

from komando.com
If you use a Mac, you may be comforted by its reputation for being secure. For decades, Apple had done a great job of keeper hackers out.

That is, until Apple products started becoming really popular in recent years. Then, hackers began to pounce. Now, Macs are often hit by hackers, or found to be vulnerable to attack.

That's the case with Apple Gatekeeper. Ironically, it's a program that's meant to keep the bad guys out. If you download apps, you can tell Apple to only let in apps from trusted providers.

As Apple puts it, Gatekeeper helps "protect your Mac from malware and misbehaving apps downloaded from the Internet." Apple says it screens all the apps on Mac App Store, and those created by developers with an Apple Developer ID.

Apple goes on to say: "If an app was developed by an unknown developer, one with no Developer ID, or tampered with, Gatekeeper can block the app from being installed." (See photo.)

The problem is cybersecurity experts last year found there's a flaw with Gatekeeper. The flaw, CVE-2015-7024, lets hackers get in. Once in, they can use malware to steal your personal information, take over your Mac and demand ransom, spy on you, and more.

Last year, this same cybersecurity expert alerted Apple about the flaw in Gatekeeper. Apple issued a patch to fix the problem.

However, as it turned out, Apple patched only some of the entryways for hackers to get in. The problem is, hackers can still get into Gatekeeper.

They can access a trusted app and load a .dmg file malware onto your Mac. It's vulnerable if you're not using the secure HTTPS protocol, or you're not accessing the app from the Mac App Store.

As of now, Apple is said to be working with cybersecurity experts to fully patch up the security flaw in Gatekeeper.

While Apple and cybersecurity experts work on fixing this vulnerability, you should make sure you're protecting yourself, your financial information, and your digital devices. You should use a suite of strong security tools, including an anti-virus program. We recommend our sponsor, Kaspersky Lab.