Researchers from disclosing vulnerabilities to bypass Gatekeeper of macOS - Code World

Researchers from disclosing vulnerabilities to bypass Gatekeeper of macOS

News 2019-05-28 08:01:51 views: null

Filippo Cavallarin security researcher recently disclosed security vulnerabilities of a macOS that could allow hackers to bypass the Gatekeeper security mechanisms to execute arbitrary programs.

Gatekeeper is Apple since 2012, security mechanisms deployed in macOS X, which can detect and block both malicious programs, as well as users to download malicious files from the network, ensure macOS X can only be executed from the App Store Apple Developer program or to obtain credentials.

However, Cavallarin pointed out that in the current implementation, Gatekeeper external drives and network shares as a "safe position." This means that it allows any application to run these positions included without checking the code again, if this design combined with two legitimate function of macOS X, Gatekeeper can be completely bypassed.

The first is a legitimate function automount (aka autofs), which allows the user (in this case, any path to "/ net /" beginning) to mount network access only by "special" path.

The second is a legitimate function of a zip archive may contain symbolic links to any location (including automount enpoints), and is responsible for software unzip the zip file does not perform any checks on them before you create symbolic links on macOS.

Thus, the hacker can first create a zip file containing a symbolic link automount endpoint hackers control point (from Documents -> /net/evil.com/Documents) and sends it to the victim. Victims download malicious files, extract and follow symbolic links. Now, the victim is located under the attacker's control, but the state by Gatekeeper trust, so any attacker can control any file, and the victims do not receive a warning.

Cavallarin said he was informed Apple this year, February 22, which should be published macOS 10.14.5 solving this problem in May 15. But Apple did not successfully patched the vulnerability, nor respond to e-mail again, so he chose to open to the public details of the vulnerability.

Finally, Cavallarin given a possible solution - disable auto mount:

As root edit / etc / auto_master
Comments to '/ net' at the beginning of the line
Restart

Guess you like

Origin www.oschina.net/news/107024/macos-gatekeeper-bypass

Researchers from disclosing vulnerabilities to bypass Gatekeeper of macOS

Security researchers: to bypass Gatekeeper security vulnerabilities macOS

Bypass network card: Whose bottom line is touched by disclosing IP territory?

The researchers found eight vulnerabilities in Google Nest Cam IQ

Researchers Discover 3 Vulnerabilities in Microsoft's Azure API Management Service

IBM QRadar Advisor vulnerabilities to bypass security restrictions

Exploit analysis of common web vulnerabilities that bypass WAF

File contains vulnerabilities-middleware log contains bypass

Common file upload vulnerabilities front and back end bypass

Principles of remote command execution vulnerabilities and protection bypass methods

The file contains vulnerabilities-str_replace function bypass and-includes truncation bypass

Decoding mechanism from the browser (for XSS encoding bypass)

Venus Gatekeeper

god and gatekeeper

From Password Reset to Getshell and Other Vulnerabilities Packed

Microsoft discovers multiple vulnerabilities in ncurses library, affecting Linux and macOS systems

Nacos 1.4.1 is released, fixing the security vulnerabilities that specify special UAs that can bypass all authentication

Angular Security Special No. 3 - Authorization Bypass, Exploiting Vulnerabilities to Control Administrator Accounts

Hackers made a fortune from Google security vulnerability, Google paid $ 6.5 million in prize money to security researchers

Memory protection mechanism and bypass scheme - bypassing safeSEH from the heap

How do 4 typical security vulnerabilities come from? How to solve?

Gatekeeper Information Exchange

MacOS installation brew tutorial from entry to entry

Compile Percona XtraBackup from macOS source code

Compile qpress from macOS source code

MacOS prohibits FortiClient from starting automatically

A new review of large-scale language models: the most comprehensive inventory from T5 to GPT-4, co-written by more than 20 domestic researchers...

A new review of large-scale language models: the most comprehensive inventory from T5 to GPT-4, co-authored by more than 20 domestic researchers

Principe de fonctionnement du Gatekeeper

Test from shallow to deep -jmeter how to bypass the token or sign detection mechanism

Recommended

Ranking

A quick primer on numpy basics

Two sister tease python project

Java | Multiple keywords in the replacement content are returned to the front end in red style

C ++: references

The string leetcood 1018 is a binary prefix divisible by 5

Flutter 布局组件

Java combat spingboot-redis

PMP pre-exam sprint and wrong questions sorting

ActiveMq C# Message Features: Delayed and Timed Message Delivery

DSP28377S_ copy a program from the RAM to FLASH portion DETAILS

Daily

More

2024-05-16(23)

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)