Bypassing Apple’s Gatekeeper

Published October 8th, 2015 at 5:15 PM EDT, modified October 8th, 2015 at 5:15 PM EDT

Ever since Apple first introduced Gatekeeper, malware creators have been trying to find a way around it.

Many different pieces of malware have done so, but at the Virus Bulletin Conference in Prague, Patrick Wardle, a security researcher at Synack, presented his findings on some new and interesting ways to skirt Apple’s security.

  • U.N. Owen says:

    This isn’t about this topic, specifically – I don’t think, but, I can’t find how to contact you, Mr. Reed, and/or The Safe Mac, in general.

    Last week, something happened, which went by, almost in the ‘blink-of-eye;’

    I saw a download occur on my Mac – one, which, not only hadn’t I even selected, but, there WASN’T any option given.

    I was – let’s just say, somewhere you wouldn’t recommend.

    Something caught my attention, and, as I turned back to the screen, an ‘Adobe Flash Update’ was downloading.

    Here’s the thing;

    Aside from there having been no prior ‘do you WANT to download,’ or not, there wasn’t even one of those ‘buttons,’ ‘click to install,’ on one, and some other faux option which would ALSO install.

    So, it started to download, but, it was NOT being listed in the ‘downloads,’ NOR could I locate it in any useful place.

    I’d NEVER experienced this before, and since this all happened in a ‘link,’ I’ve no screen-captures, nor can I tell you for certain where it happened, though, I’m pretty sure it was one of 2-3 sites I use (I won’t say here, in public, cos I know many people go there, and you repeatedly say ‘stay away,’ but, if you ask, certainly).

    • Thomas says:

      Any website can trigger a download instantly via JavaScript, without so much as a by-your-leave. Fortunately, getting that download to automatically open or install is not something that can be done, barring the usage of a currently unknown browser vulnerability.

      So, just close the site, drag the download to the trash, and don’t go back to that site again. Nothing more should be needed.

