Security researcher: macOS vulnerability allows Gatekeeper to be bypassed

Filippo Cavallarin, a security researcher at the Italian information security company Segment, recently disclosed a macOS security vulnerability that allows hackers to bypass the Gatekeeper security mechanism and execute arbitrary programs. Gatekeeper is a security mechanism that Apple has deployed in macOS since the beginning of 2012. It detects and blocks malware, as well as malicious files that users download from the network, to ensure that macOS only runs applications that come from the App Store or from developers who have obtained credentials from Apple. However, Cavallarin pointed out that Gatekeeper treats external disks and network shares as safe areas and allows any program to be executed from these two zones. Combined with two legitimate functions of macOS, this makes it possible to bypass Gatekeeper's protection. The first legitimate function is autofs, which allows users to mount network shares automatically. The second is that ZIP archives may contain symbolic links pointing to any location, and the macOS software responsible for decompressing ZIP files does not check the symbolic links when it creates them.

A hacker can therefore first create a ZIP file containing a symbolic link that points to an autofs endpoint under the hacker's control, and then send it to a victim. When the victim downloads and unzips the malicious file and follows the symbolic link, they land in a location that the hacker controls but that Gatekeeper considers a safe area. The hacker can then have arbitrary files executed, and the user receives no warning.

Cavallarin said he informed Apple on February 22 this year. According to Apple's statement, macOS 10.14.5, released on May 15 this year, was to patch the vulnerability. Cavallarin found, however, that Apple had not successfully patched it, and Apple did not respond to his e-mails again, so he chose to make the details of the vulnerability public.

Source: www.ai.org.tw/map.asp

Origin blog.csdn.net/weixin_33779515/article/details/91391199