Slashdot Mirror


Apple's Gatekeeper Still Broken (csoonline.com)

itwbennett writes: This weekend, Apple security expert Patrick Wardle will detail a vulnerability in Apple's Gatekeeper that makes it possible to bypass the anti-malware defense. This is the same vulnerability that was disclosed last April, which Apple said it patched later. Wardle was able to easily bypass Apple's fixes. He says "all Apple did was blacklist the signed apps he was abusing, but didn't fix the underlying issue, which is that, essentially, Gatekeeper functions as a guard that doesn't check" software already on the whitelist.


  1. Re:Doesn't matter. by gstoddart · · Score: -1, Troll

    People will still flock to Apple and buy the shit out of it. And Apple knows it.

    And what are the options?

    Windows? Which is taking away control of your computer and sending analytics to the mother ship whether you agree or not? And which has been a source of security holes forever?

    Linux, in which you hope you will be able to find a replacement for all of your stuff, or have to buy new stuff so it can be supported?

    ChromeOS in which everything you do is sent to Google?

    There's a finite amount of choices, and Windows isn't a better choice, and Linux (despite what its adherents claim) doesn't support everything people want.

    But, hey, keep acting like Apple is the worst of all possible options. I know people from tech VPs to the guy who installed my fireplace who are Apple-only households, and happy as hell about it.

    --
    Lost at C:>. Found at C.
  2. Re:Apple is New to Reacting to Security Threats by cant_get_a_good_nick · · Score: 1, Troll

    To be honest, Apple is arguably better at this point than Microsoft was at a similar point in its lifecycle, from a tech standpoint. Rootless MacOSX is a thing. Gatekeeper, though major holes, is a thing. It's just that back then, the Internet was not as much of a source of riches. There's never been a Slammer worm for MacOSX. Nor a "I love you" virus.

    You know who else had really bad security reputation? Red Hat was horrible in the beginning. You know what famous developer doesn't pay enough attention to security? Linus Torvalds.

    Not to skewer MS. Not to skewer Linus or Linux. But realize we're comparing relative bad here. The best OS from a security standpoint is just the least horrible OS on a security standpoint.

    Security is hard. How do I patch an infinite state machine against people who can make a lot of money breaking it? It's not a trivial task.