New Attack Bypasses Mac OS X Gatekeeper

← Back to Stories (view on slashdot.org)

New Attack Bypasses Mac OS X Gatekeeper

Posted by Soulskill on Wednesday September 30, 2015 @02:31AM from the even-gatekeepers-need-lunch-breaks dept.

msm1267 writes: Mac OS X's Gatekeeper security service is supposed to protect Apple computers from executing code that's not signed by Apple or downloaded from its App Store. A researcher, however, has built an exploit that uses a signed binary to execute malicious code. Patrick Wardle, a longtime Apple hacker, said Gatekeeper performs only an initial check on an application to determine whether it came from an untrusted source and should not be executed. Using a signed binary that passes the initial check and then loads a malicious library or app from the same or relative directory, however, will get an advanced attacker onto an OS X machine. Wardle disclosed his research and proof of concept to Apple, which said it is working on a patch, and may push out a short-term mitigation in the meantime.

66 comments

Min score:

Reason:

Sort:

Gateskeeper by Anonymous Coward · 2015-09-30 02:34 · Score: 0

is a bad name then.
1. Re:Gateskeeper by Anonymous Coward · 2015-09-30 02:40 · Score: 0
  
  Try Zuul.
2. Re:Gateskeeper by Anubis+IV · 2015-09-30 03:39 · Score: 3, Informative
  
  I get that this is possible and all, but I think I'm failing to understand the threat posed by it that's any different from what was possible already by design. Gatekeeper has three settings (paraphrasing; #2 is the default, from what I recall):
  1) Mac App Store only
  2) Apps from registered developers only
  3) Anything goes
  It's already quite possible for a ($99/year) registered app developer to release a trojan and distribute it via the Internet to anyone using settings #2 and #3, but if they do so, Apple has been quick to revoke their certs (preventing all of their apps from installing on anyone's Mac using settings #1 or #2), pull their apps from the Mac App Store, and add the malware to OS X's built-in malware blocker that gets updated nightly.
  This attack seems to rely on the actual bulk of the malware being downloaded separately from the main app that's been signed, which means that, as has been the case up until now, the user still needs to be coerced into downloading the malware themselves somehow. The only difference I can see (besides the addition of a lot of complication that makes the attack more difficult to accomplish) is that if the dummy app is able to be distributed via the Mac App Store, this may be a way to target users with setting #1, since otherwise the malicious payload would need to get through Apple's app review process. But if that's all that this attack brings to the table, it isn't much, since setting #2 is the default, meaning the target audience for this attack is particularly limited and that (by design) there are already easier ways to hit the bulk of users. Moreover, Apple's response would no doubt be exactly what we'd expect: to revoke the certs, pull the apps from the Mac App Store, and add the app to their malware blocker, meaning that the attack will stop working overnight.
  Am I missing something more sinister here?
3. Re:Gateskeeper by Anonymous Coward · 2015-09-30 20:52 · Score: 0
  
  Gatekeeper is for cows.Cows say MOOOOOOOO.MOOOOOOOOO.MOOOOOOO.MOOOO says the cows.You Gatekeeper cows.
There's an even greater flaw here. by DejectedAngel · 2015-09-30 02:36 · Score: 5, Interesting

OSX only checks the verification of the app if it sees that it is downloaded from a nonlocal source. If you download an unverified application, view package contents, and copy the files within to another folder and rename it with the .app extension, you can open anything! No admin rights required unless it requires an install!
1. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 02:45 · Score: 0
  
  Mac Security: "We suck at this"
  On the bright side, their new SID system seems promising actually.
2. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 02:46 · Score: 0
  
  *SIP system...not sudden infant death syndrome....System Integrity Protection@
3. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 02:47 · Score: 0
  
  No, I am sorry. If someone takes those steps they are just being an idiot and deserve everything they get.
4. Re:There's an even greater flaw here. by jedidiah · 2015-09-30 03:03 · Score: 0
  
  What? The ability to run any application they want on a PC platform?
  If MacOS is a Unix, then it shouldn't need to be treated like such a delicate flower. The user should be able to safely run programs without having them blessed by the OS vendor.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
5. Re:There's an even greater flaw here. by IamTheRealMike · 2015-09-30 03:05 · Score: 5, Insightful
  
  Huh?
  Gatekeeper is not meant to block any unsigned code execution. It's meant to stop you accidentally running malware. If you want to bypass it you can just right click on a .app and click "open", or you can disable it in System Preferences. The "attack" you just described is no attack at all.
  It's not even clear to me that what's being described in the article is even an attack. OK, you can bypass Gatekeeper by finding an app that blindly runs code it knows nothing about. That's like complaining that if you run a signed browser and then it executes a malicious web page, bad things happen. That's not a bug in Gatekeeper. That's a bug in the browser.
6. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 03:06 · Score: 0
  
  Including the Sysadmin who thought they locked down the computer from students running things they shouldn't, such as intentionally infecting a machine.
7. Re:There's an even greater flaw here. by SuperKendall · 2015-09-30 03:08 · Score: 2
  
  They have the ability to run anything, Gatekeeper is just there to stop an accidental run without some purposeful action to make sure you really want to run it... then after that it doesn't stop you because that would be stupid. After all, you already indicated you wanted to run it by specifically telling Gatekeeper to allow it.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
8. Re:There's an even greater flaw here. by neoritter · 2015-09-30 03:10 · Score: 2
  
  I think it's starting to be proven that an axiom like that about Unix systems is not entirely accurate.
9. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 03:10 · Score: 0
  
  OSX is a Unix and having security such as this in place when you're dealing with average users isn't a bad thing. An OS cannot defeat stupid.
10. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 03:12 · Score: 0
  
  What? The ability to run any application they want on a PC platform?
  If MacOS is a Unix, then it shouldn't need to be treated like such a delicate flower. The user should be able to safely run programs without having them blessed by the OS vendor.
  An APPLE user run something not blessed by APPLE?!?!?!
  You must be new here.
11. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 03:19 · Score: 0
  
  it gets really goddamn old to tell Mac OS that yes, I want to open/run this file I downloaded. Because I downloaded it. Every file from the internet, every JPG and GIF and PNG file, gets "tainted" with an extended attribute.
12. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 03:26 · Score: 0
  
  Gatekeeper *is* meant to block the execution of unsigned code by default - yes it can be turned off or bypassed via right-click, but both of these require specific actions by the user. But ok, even if we assume its just trying to stop the you from accidentally running malware - this method ('attack') can be used to repackage existing malware, and allow it to be run without Gatekeeper detection. So basically Gatekeeper then provides 0% extra security and IMHO is then basically useless.
  An article on Ars has a good diagram illustrating this: "Drop-dead simple exploit completely bypasses Mac’s malware Gatekeeper"
13. Re: There's an even greater flaw here. by Anonymous Coward · 2015-09-30 03:27 · Score: 0
  
  Just admit it's not a perfect system, nothing is.
  If a program is run with user privileges and can bypass system level safeguards without a flag gping up there is a problem with the design, not necesarily the philosophy.
14. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 03:30 · Score: 0
  
  Side Impact Protection?
15. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 03:33 · Score: 0
  
  My computer. My code. My choice. My problem.
16. Re:There's an even greater flaw here. by captnjohnny1618 · 2015-09-30 03:37 · Score: 1
  
  I think the other point of the "attack" (and I admit that this is pretty flimsy) is that an attacker could make malicious code *look* like signed and verified code, defeating the whole purpose gatekeeper helping prevent you from accidentally running bad things.
  
  I'd think the only solution would be to make every single executed snippet of code signed. I don't really know if that's possible though.
17. Re:There's an even greater flaw here. by praxis · 2015-09-30 03:50 · Score: 2
  
  You can disable the check, you know.
18. Re:There's an even greater flaw here. by Lumpy · 2015-09-30 03:51 · Score: 0
  
  Yet its still better than anything that Microsoft can come up with.
  
  --
  Do not look at laser with remaining good eye.
19. Re:There's an even greater flaw here. by praxis · 2015-09-30 03:51 · Score: 1
  
  How does one "safely" run any program? That's a question we've been trying to answer since the dawn of programs.
20. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 04:48 · Score: 0
  
  Unfortunately people only want the first 3.
21. Re: There's an even greater flaw here. by Anonymous Coward · 2015-09-30 04:55 · Score: 0
  
  Don't tell him that, then he won't be able to bitch anymore. Sigh.
22. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 05:06 · Score: 0
  
  A malware writer would never repackage a signed application with a modified dependent third party library and release it, because that would be copyright infringement, and that would be wrong.
23. Re:There's an even greater flaw here. by radarskiy · 2015-09-30 05:08 · Score: 2
  
  I hate it when I accidentally copy the contents of an apps package contents to another folder, renamed it with a .app extension, and execute it only to find there is malware inside.
24. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 05:14 · Score: 0
  
  Actually Windows is deemed safer by in the security industry than either Mac OSX or iOS.
  
  http://www.winbeta.org/news/fo...
  https://usa.kaspersky.com/inte...
  http://www.cnet.com/news/in-th... Regardless, I think the consensus these days is we all need to be careful regardless of device. Social engineering happens on them all. I use both Macs and PCs. I run AV and OpenDNS Umbrella and more for my Macs too and scrutinize anything attachments, links, etc. that I go to.
25. Re:There's an even greater flaw here. by amicusNYCL · 2015-09-30 05:18 · Score: 1
  
  It's not even clear to me that what's being described in the article is even an attack.
  Then what is Apple patching?
  
  --
  "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
26. Re: There's an even greater flaw here. by Dog-Cow · 2015-09-30 05:41 · Score: 1
  
  He's already a fucking idiot, because OS X doesn't prompt for files, only executables.
27. Re:There's an even greater flaw here. by DejectedAngel · 2015-09-30 06:06 · Score: 1
  
  Yeah, its not going to happen unintentionally, but that doesn't mean that it isn't a flaw.
28. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 06:32 · Score: 0
  
  tl;dr version: Since this is Apple, it's not an issue, and here's a bunch of reasons to blame everyone BUT Apple, even though if this was Windows I'd be bitching about how it's all Microsoft's fault.
29. Re:There's an even greater flaw here. by KGIII · 2015-09-30 06:55 · Score: 1
  
  My niece switched to a Mac. Bam... Day one. She's seemingly got something called "MacHelper" or something akin to that. Sounds innocuous but it's really not - it's sort of ransom ware from what she described. She called me up wanting me to help. Good luck with that. I have no idea how to help except to follow directions at Google.
  
  --
  "So long and thanks for all the fish."
30. Re:There's an even greater flaw here. by thoromyr · 2015-09-30 07:07 · Score: 1
  
  Yeah. Seeing a gatekeeper bypass I was expecting, well, you know, something that actually *bypassed* gatekeeper. This in no way shape or form is a bypass.
  It *would* be considered a bypass on iOS, but that is because that platform attempts to prevent any unapproved code from executing. That is not a design goal of OS X. Irrelevant.
31. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 08:06 · Score: 0
  
  Perhaps making it *less likely* that a user will allow this?
32. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 08:42 · Score: 0
  
  So if a user has Gatekeeper set to "Only allow code from the Mac App Store" then they download something from the internet (or are emailed something) and they run it - and it installs (unsigned) malware how is that not a bypass? This is what this attack allows and exactly what Gatekeeper attempts to prevent. Gatekeeper normally would block this saying, "hey this isn't from the Mac store GTFO" ...
33. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 08:44 · Score: 0
  
  The only flaw is between the keyboard and the chair.
34. Re:There's an even greater flaw here. by benjymouse · 2015-09-30 09:05 · Score: 1
  
  Yet its still better than anything that Microsoft can come up with.
  System Integrity Protection is akin to Windows Resource Protection - which has been in Windows since Vista. Welcome to 2006.
  
  --
  Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
35. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 10:40 · Score: 0
  
  Which has been in OSX Cince 2005.
  Learn details before you troll fool.
36. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 10:47 · Score: 0
  
  Because she clicks on everything. the ONLY way to get MacHelper is to click on it download it, click to install it and let it install.
  Your niece is a pretty dimwitted computer user and will probably hose up even an android phone.
37. Re:There's an even greater flaw here. by Anonymous Coward · 2015-09-30 22:03 · Score: 0
  
  So El Capitan was released in 2005?
Great by Anonymous Coward · 2015-09-30 02:37 · Score: 0

Please can they put it in all Applications as Apple keeps resetting my security settings with each release of OS X - I now have to unlock and 'Allow from anywhere' several times a year.
1. Re: Great by Anonymous Coward · 2015-09-30 05:00 · Score: 0
  
  Boo fucking hoo. I must be new here or something because Christ sakes you people sound like average users. It literally takes you 10 seconds "several times a year". Get over it. It's not a big deal. If you didn't have gatekeeper and ran anything and got infected you would blame apple.
2. Re: Great by KGIII · 2015-09-30 07:02 · Score: 1
  
  I use Linux and, sometimes, BSD. I kind of like having to enter a password to do shit. I like needing sudo gksudo su etc... I don't mind the extra time. I do like the extra safety. I don't even venture out of the blessed repositories much these days. I prefer signed code and, in Linux, it's usually all signed but, honestly, I seldom check anything as I don't really stray far from the nest any more. I like my stuff to just work. I have some very complicated stuff at home and, yet, it generally always just works.
  
  --
  "So long and thanks for all the fish."
So no real news then by Anonymous Coward · 2015-09-30 02:46 · Score: 0

0. bug found
1. bug reported
2. bug acknowledged (*)
3. bug fixed
4. bug fix in testing
5. fix scheduled for release TBA
(*) So the only newsworthy item is that Apple actually acknowledged they had a bug. Something they never do, having given them may test cases myself
AC: NDAs are legal you know.
History repeats itself? by aicrules · 2015-09-30 03:05 · Score: 3, Funny

So even without the little pi symbol Gatekeeper is still full of holes.
1. Re:History repeats itself? by Anonymous Coward · 2015-09-30 04:54 · Score: 0
  
  Those Praetorians are bad news. let it go.
Lunix by Anonymous Coward · 2015-09-30 03:22 · Score: 0

Does Linux have any concept of signed executables? It would be nice to know if ./nvidia_installer.run is an authentic NVIDIA binary, for example.
1. Re:Lunix by captnjohnny1618 · 2015-09-30 03:28 · Score: 1
  
  It's not signed code per-se, but nvidia does provide checksums from the website:
  
  cuda_7.5.18_linux.run (md5sum: b22ef6bc073f7cf767f547a84fb0e3c2)
  
  (see https://developer.nvidia.com/c... for more versions)
  
  If your unfamiliar with how to use a checksum, I suggest reading http://lifehacker.com/247262/h...). Basically though, if they don't match, don't trust it.
2. Re:Lunix by AqD · 2015-09-30 03:40 · Score: 1
  
  On Linux the installation packages are signed (by third-party), not the executables.
  Signed executables pose two serious problems:
  1.The developers are effectively signing by themselves. Windows malware authors have no problem buying keys from Microsoft to sign their rookits as certificated drivers - until they're found.
  2.Non-executable parts (anything non-ELF on Linux) are left for developers themselves to verify: such as VIM plugins/scripts. Most of them would never bother to develop comprehensive system for that.
  The current solution of signing by third-party is not without drawback: time/delay is a key issue as they cannot possibly verify any software that is just released a few days ago, and commercial softwares are self-signed since they wouldn't allow their softwares to be distributed freely. Also they don't really verify new versions of existing softwares.
  But it's still far more suitable than having developers doing all the signings by themselves.
And now, Steve Gibson by Anonymous Coward · 2015-09-30 03:26 · Score: 0

To tell us how this is overblown, don't get hysterical..
1. Re:And now, Steve Gibson by KGIII · 2015-09-30 07:06 · Score: 1
  
  I don't see Macs4All or CanadianMacFan in here, either. There's usually a few more. Anyhow, Gibson, of GRC fame, is pretty level headed. I admire his work greatly. He's also a very eloquent conversationalist though much of what he says goes a bit over my head. He's pretty bright or I'm pretty stupid - both could be true.
  
  --
  "So long and thanks for all the fish."
2. Re:And now, Steve Gibson by macs4all · 2015-10-01 09:04 · Score: 1
  
  I don't see Macs4All or CanadianMacFan in here, either. There's usually a few more. Anyhow, Gibson, of GRC fame, is pretty level headed. I admire his work greatly. He's also a very eloquent conversationalist though much of what he says goes a bit over my head. He's pretty bright or I'm pretty stupid - both could be true.
  Honestly, I didn't see this article until just now.
  
  Gatekeeper isn't perfect, and I agree that if it were me designing the feature, it would have signed the .app Package, rather than just the Launch executable. But without digging into it, it seems like Gatekeeper was designed to strike a reasonable balance between "utterly safe" (which NOTHING is) and making Developers have to re-sign code every single time they update something in the App Bundle.
  
  My feeling is that Apple may change that policy, though; since it does seem like a somewhat exploitable hole.
virtual machine. That's how we run malware on purp by raymorris · 2015-09-30 03:57 · Score: 1

We run malware on purpose. In a simple virtual machine. Simple matters - when you do tricky stuff like sharing storage between the VM and the host, it may open vulnerabilities.
Bug is I can modify code signed by Apple by raymorris · 2015-09-30 05:19 · Score: 5, Informative

The exploit is for users with #2, registered developers. A bad guy who is not a registered developer can publish code which appears to be signed by a trusted developer.
The root of the problem is that it checks a signature on the -executable-, not the -package-. A typical package has a setup executable, which we'll call setup.exe. That's signed by Apple, Adobe, or whoever the developer is.
Setup.exe loads whattodoo.dll and runs some functions in it, then runs register_filetypes.exe, does some other stuff, then runs photoshop.exe. Neither whattodo.dll, register_filetypes.exe, photoshop.exe, nor the package the came in need to be signed. MOST of the executable code isn't signed.
A bad guy can download the Photoshop package and replace whattodo.dll and register_filetypes.exe with code of their choosing. Just rename backdoor.dll and botnet.exe. Mac treats it as signed because setup.exe is signed.
So the victim would download a malicious package and because setup.exe is signed, OSX would run it by default- thereby running backdoor.dll (renamed as whattodo.dll) and botnet.exe (renamed as register_filetypes.exe).
This is normally avoided on Linux by signing / hashing the entire package, not just one file in the package.
1. Re:Bug is I can modify code signed by Apple by Anubis+IV · 2015-09-30 05:22 · Score: 1
  
  Gotcha, thanks for the explanation. That clears up my misunderstanding quite a bit. I appreciate it!
2. Re:Bug is I can modify code signed by Apple by Anonymous Coward · 2015-09-30 07:09 · Score: 0
  
  What kind of crack are you smoking? There are no .exe files in OS X.
3. Re:Bug is I can modify code signed by Apple by Anonymous Coward · 2015-09-30 08:14 · Score: 1
  
  What kind of crack are you smoking? There are no .exe files in OS X.
  No shit, Sherlock; it also doesn't have Windows DLLs, either, but he didn't say either thing. He implied he was using hypothetical terms and names with the first sentence he said "setup.exe" in: " A typical package has a setup executable, which we'll call setup.exe."
  What he did is similar to using pseudocode to explain logic concepts without requiring understanding of a specific programming language. In this case, he just used Windows terminology to explain a general computing concept. I use Linux and still knew what he was talking about.
  Either you're a moron or you already understood what he meant and just wanted to be a belligerent fucktard.
4. Re:Bug is I can modify code signed by Apple by scdeimos · 2015-09-30 11:04 · Score: 1
  
  The root of the problem is that it checks a signature on the -executable-, not the -package-.
  I think you've got that ass-about-face. Gatekeeper only checks the signatures on .app files - Apps or Applications as downloaded from the App Store and various web sites. The .app files are essentially .zip archives containing a bunch of executables, library files, media content, configuration data, etc. Every other executable on the system is not even checked by Gatekeeper which is why people are still able to use Homebrew and MacPorts to download, compile and execute *nix software.
  The attack scenario allows a malicious .app file to be trusted which then turns around and downloads other executable content and is then able to run that because that other content is not checked by Gatekeeper.
Gatekeeper by soft_guy · 2015-09-30 05:24 · Score: 4, Interesting

If a user doesn't know how and can't figure out or google how to bypass Gatekeeper, they shouldn't be bypassing Gatekeeper. I'm a Mac developer and I work on a commercial application that uses a privileged helper tool which the app loads using SMJobBless and that tool is managed by launchd and executed as root. We are an identified developer and we sign our app as such. We don't distribute via the App Store and we are about to ship a new version that adds a kernel extension that I wrote. In recent versions of MacOS X, kernel extensions must be signed and they have to at least by signed by an identified developer who has applied for a kernel extension signing certificate. One of the scenarios that I pay attention to as far as security goes is that our daemon (aka "privileged helper tool") executes other processes and also controls the loading and unloading of our kernel extension. Most of those processes, and our kernel extension, are located in our application bundle. I wanted to avoid making dumb assumptions like that our application is running from a particular path, so the app communicates to the daemon via XPC and tells the daemon where the app bundle is located. The daemon doesn't just trust the app. It verifies that the app is code signed and that it is our app and that it hasn't been modified before it starts executing things or loading kernel extensions from inside the app bundle. I can easily imagine a scenario where an app could call our daemon and tell it some other location and cause us to execute malware if we didn't do this. Since I'm not a security expert, I constantly worry that someone will find a way to do this and I just hope we never become an attack vector. I do not want my product on Slashdot because of a security problem.

--
Avoid Missing Ball for High Score
Re:virtual machine. That's how we run malware on p by Anonymous Coward · 2015-09-30 05:45 · Score: 0

Ooops... 20 year old exploit that exists in most x86 chips that allows you to escape VMs/Hypervisors....
The Memory Sinkhole
I can name it .exe if I want to. by raymorris · 2015-09-30 11:17 · Score: 1

On real operating systems, including OS X, the executable can have any name I want it to have. If I want to name it setup.exe, I will.
I -could- have named the exectuable icon.png, but that would make the explanation much harder for idiots like yourself to follow.
not downloaded , but included outside of signature by raymorris · 2015-09-30 11:26 · Score: 2

I simplified a bit. The malicious code can be inside of the .app package- it does not need to be downloaded separately. It LOOKS like the signature is on the package, but it's not. It's on some parts of the package. Here's a quote from the Apple developer documentation for you:
Changes That Don't Invalidate a Code Signature
There are a few changes you can make to a signed bundle that won't invalidate its signature.
If you have optional or replaceable content you wish to change without invalidating the code signature, nested code can be replaced ... without disturbing the outer signature.
Throughout the Apple documentation, you will find references to the "main exectuable ". This is the file that's primarily protected. In my example above, that's setup.exe.
yes one bug, fixed years ago. Compare Windows by raymorris · 2015-09-30 13:14 · Score: 1

Yes, virtualization isn't guaranteed to always be 100% perfect. There was one bug that was fixed years before it became public. Compare the number of bugs in Windows over the last 10 pr 20 years. I'd say running within the hypervisor is several orders of magnitude safer.
As I mentioned, that's one reason we use the simplest practical virtualization- to avoid bugs in hypervisor features or related utilities. It's pretty darn effective, though not 100% perfect.
Air gaps and disposable images can of course be pretty safe too. If you're paranoid, you can keep the test hardware only for malware testing - never move a box from testing to production. That adds a layer of protection against damage from firmware exploits.
was there responsible disclosure? by v1 · 2015-09-30 23:49 · Score: 1

Did they notify Apple of the problem and wait before publishing the details on the exploit, to give them a chance to push a fix before releasing the information to the public? It looks like they threw out the details of the hole into the wild before giving anyone a chance to patch it?

--
I work for the Department of Redundancy Department.