Former NSA Staffer Finds Way To Bypass Apple Inc. Mac Gatekeeper

Most anti-virus companies trust the Gatekeeper security technology in Apple’s Mac products so much that they use unencrypted HTTP connections, instead of HTTPS, to deliver their software to Macs. They assume Gatekeeper guarantees the authenticity of the download by verifying the digital signatures with which they sign their software.

Gatekeeper doesn’t check all components

But former NSA researcher Patrick Wardle told Thomas Fox-Brewster of Forbes that he has found a way to bypass the Mac’s Gatekeeper security and abuse such insecure downloads. Wardle told Fox-Brewster that Gatekeeper does not check all components of an OS X download. A malicious version of a “dylib file” (dynamic library) can be sneaked into legitimate downloads performed over insecure HTTP connections. This way an attacker can infect Macs and steal data.

However, apps downloaded via Apple’s Mac App Store are not vulnerable. If a hacker can “hijack” dylib loading in Mac apps, they can attack an Apple computer and steal user data. Wardle admits that this kind of attack won’t be easy. The first step is to get on the same network as the target. Then you have to put a legitimate but vulnerable application into the download.

Apple’s XCODE can also be abused

Next, rearrange the .dmg content so that the legitimate software is what the target sees. That’s not tricky, because the icon and name of the vulnerable app can be set so that nothing looks suspicious. To find vulnerable apps, Wardle created a scanner that identified apps that would load his malicious dylib files, according to Forbes.

The scanner identified over 150 such apps on Wardle’s own Mac. They included Dropbox, iCloud Photos, Microsoft Word and Excel. Apple’s GPS Keychain and the developer tool XCODE can also be abused. When the target launches the injected legitimate app, the unsigned naughty dylib files are loaded and executed even before the app’s main code runs. The dylibs can do anything at this point.

Apple Hijack

Wardle said that the attack could also work on downloaded .zip files that contain applications.
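The loader behaviour the article describes, dylibs resolved at launch through @rpath directories or as optional imports, which the article says Gatekeeper does not check, can be audited from a binary’s own load commands. This is an added Python example, not Wardle’s scanner or any Apple tool; it parses a constructed 64-bit Mach-O image embedded inline (made-up framework names) and flags the two kinds of reference that an unsigned file dropped into a bundle could satisfy.

```python
import struct

MH_MAGIC_64, LC_LOAD_DYLIB = 0xFEEDFACF, 0x0C
LC_LOAD_WEAK_DYLIB, LC_RPATH = 0x80000018, 0x8000001C  # weak: dyld tolerates a missing file

def _cstr(blob, start, end):
    return blob[start:end].split(b"\0", 1)[0].decode()

def parse_load_commands(blob):
    """Return (rpaths, [(is_weak, dylib_name), ...]) for a 64-bit LE Mach-O image (no fat/32-bit)."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", blob, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit little-endian Mach-O image")
    off, rpaths, dylibs = 32, [], []  # load commands start right after the 32-byte header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmd in (LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_RPATH):
            # third word is the offset of the NUL-terminated path, relative to the command start
            text = _cstr(blob, off + struct.unpack_from("<I", blob, off + 8)[0], off + cmdsize)
            if cmd == LC_RPATH:
                rpaths.append(text)
            else:
                dylibs.append((cmd == LC_LOAD_WEAK_DYLIB, text))
        off += cmdsize
    return rpaths, dylibs

def audit_dylib_references(rpaths, dylibs):
    """Flag dependencies a file placed in the bundle, outside the main binary's signature, could
    satisfy: @rpath lookups (first rpath match wins) and weak imports (a missing file is skipped)."""
    findings = []
    for weak, name in dylibs:
        if weak:
            findings.append(f"weak import {name}: missing file tolerated, a planted one is loaded")
        if name.startswith("@rpath/"):
            findings.append(f"{name}: resolved via rpaths {rpaths}, first match wins")
    return findings

def _cmd(cmd, fixed, text):
    """Build one load command: cmd, cmdsize, fixed words, NUL-terminated string, padded to 8 bytes."""
    body = text.encode() + b"\0"
    size = 8 + 4 * len(fixed) + len(body)
    size += -size % 8
    return struct.pack(f"<II{len(fixed)}I", cmd, size, *fixed) + body.ljust(size - 8 - 4 * len(fixed), b"\0")

# Constructed sample image (made-up framework names, not any shipped product's binary).
SAMPLE_CMDS = (_cmd(LC_RPATH, (12,), "@executable_path/../Frameworks")
               + _cmd(LC_LOAD_DYLIB, (24, 0, 0, 0), "/usr/lib/libSystem.B.dylib")
               + _cmd(LC_LOAD_DYLIB, (24, 0, 0, 0), "@rpath/ExampleUpdater.framework/Versions/A/ExampleUpdater")
               + _cmd(LC_LOAD_WEAK_DYLIB, (24, 0, 0, 0), "@rpath/libExampleOptional.dylib"))
SAMPLE_MACHO = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 4, len(SAMPLE_CMDS), 0, 0) + SAMPLE_CMDS
```

Run `audit_dylib_references(*parse_load_commands(SAMPLE_MACHO))` to see the three findings; on a real app, also confirm with `codesign --verify --deep --strict` that every bundled dylib is covered by the signature.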


About the Author

Vikas Shukla
Vikas Shukla has a strong interest in business, finance, and technology. He writes regularly on these topics. He can be contacted by email at [email protected] and on Twitter @VikShukla10
