Security vulnerability found in Apple’s Gatekeeper

A critical security vulnerability has been discovered in macOS that can allow attackers to execute harmful applications on Macs. According to a report on cyware.com, the flaw was discovered by security researcher Filippo Cavallarin. According to him, Gatekeeper, a security mechanism in macOS, treats both external drives and network shares as safe locations and can allow any application to run. As a result, ZIP files containing malicious code can be executed.

Gatekeeper’s faulty behavior was observed in the latest version of macOS, 10.14.5. As of now, no patch is available to fix this behavior. Cavallarin noted that the behavior could be exploited using two legitimate features in macOS. The first is the autofs/automount feature, which lets users automatically mount a network share by accessing any path starting with “/net/”. The second is the way macOS handles ZIP files containing symbolic links: macOS does not perform any security checks when decompressing ZIP files containing these links.
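The two features described above suggest a simple defensive check: before a ZIP file is unpacked, list its symbolic-link entries and flag any whose target leaves the archive, in particular targets under “/net/”. The following Python sketch is an added example, not code from the cyware report or from Cavallarin; the function names, the host name `host.invalid` and the sample archive are constructed for illustration, and it assumes the archive was created on a Unix-like system so that link entries carry Unix mode bits.

```python
import io
import posixpath
import stat
import zipfile

def symlink_entries(zf):
    """Yield (name, target) for each entry stored as a Unix symlink."""
    for info in zf.infolist():
        # For archives made on Unix (create_system == 3) the high 16 bits
        # of external_attr carry st_mode, including the file-type bits.
        if info.create_system == 3 and stat.S_ISLNK(info.external_attr >> 16):
            # A symlink entry's data is the link target itself.
            yield info.filename, zf.read(info).decode("utf-8", "replace")

def classify(name, target):
    """Return a reason string if the link leaves the archive, else None."""
    if target.startswith("/"):
        # normpath keeps a leading "//", so collapse it before comparing.
        norm = "/" + posixpath.normpath(target).lstrip("/")
        if norm == "/net" or norm.startswith("/net/"):
            return "automount path"
        return "absolute path"
    resolved = posixpath.normpath(posixpath.join(posixpath.dirname(name), target))
    if resolved == ".." or resolved.startswith("../"):
        return "escapes extraction directory"
    return None

def audit_zip(data):
    """List (entry, target, reason) for every link pointing outside the archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        hits = [(n, t, classify(n, t)) for n, t in symlink_entries(zf)]
    return [h for h in hits if h[2]]

def constructed_sample():
    """Build a small constructed archive in memory (test data, hypothetical names)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        for name, target in [("docs/shared", "/net/host.invalid/share"),
                             ("docs/up", "../../outside"),
                             ("docs/local", "readme.txt")]:
            info = zipfile.ZipInfo(name)
            info.create_system = 3
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, target)
    return buf.getvalue()

if __name__ == "__main__":
    for entry, target, reason in audit_zip(constructed_sample()):
        print(f"{entry} -> {target}: {reason}")
```

A mail gateway or download scanner could run a check like `audit_zip` on incoming archives and quarantine any that report an automount or absolute target.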

Cavallarin said that despite contacting Apple about this issue, the company failed to fix Gatekeeper, the cyware report said. “The vendor has been contacted on February 22nd 2019 and it’s aware of this issue. This issue was supposed to be addressed, according to the vendor, on May 15th 2019 but Apple started dropping my emails. Since Apple is aware of my 90 days disclosure deadline, I make this information public,” Cavallarin said.