Gatekeeper flaw opens Apple systems to intrusion

News by Greg Masters

Mac users who have long felt secure from cyber-attacks may now be susceptible owing to a reported flaw.

Apple's Gatekeeper program verifies that downloaded apps have been vetted on the Mac App Store. If an app is detected as coming from an unknown developer, one who lacks an Apple Developer ID, Gatekeeper should block it.

However, a flaw, logged as CVE-2015-7024, may enable hackers to get in, according to Kim Komando. "Once in, they can use malware to steal your personal information, take over your Mac and demand ransom, spy on you, and more," the blog said.

The flaw was reported last year by Synack researcher Patrick Wardle, and Apple issued a fix. However, the company mitigated only some of the paths through which hackers could gain entry, the blog reported. "It's vulnerable if you're not using the secure HTTPS protocol, or you're not accessing the app from the Mac App Store," says Komando.

Apple is said to be working to fix the flaw.
