A flaw in the wall of the Gatekeeper

Gatekeeper is a keeper haughty that prevents to install anything on a Mac. Unless malandrino found a way to circumvent the protection system of macOS ! Filippo Cavallarin has put the hand on a vulnerability of the technology from Apple to run malicious code without the user’s permission or any warning.

The flaw is relatively simple, it exploits a behavior of the Gatekeeper, which considers the external media and shared servers as secure locations ; therefore, the applications stored on these spaces are allowed to run on the Mac without any form of trial.

Add to that two standard features of macOS : the automatic mounting of a server (with a special URL starting with /net/), which is read to macOS the contents of a folder on the remote server. The second concerns the files compressed ZIP containing links pointing to a specific location. The application macOS in charge of the decompression of the ZIP archive does not check this type of links.

By combining these behaviours, a forban is therefore able to run the code the runs on the Mac of the victim without the latter being aware of it. Rather dangerous so, as Filippo Cavallarin demonstrates in the video above. The researcher has complied with the rules in force, that is to say to have warned Apple it was 90 days. The manufacturer must correct the blunder with macOS 10.14.5, but ultimately nothing has been done. Since 15 may, Filippo faces at a wall, Apple is not responding to his e-mails.