Yet the Gatekeeper software doesn’t check all components of Mac OS X download files, according to Wardle. Normally, anyone who intercepts a download to turn it nasty won’t get away with it, as Mac Gatekeeper will see that the vendors’ original signature has been altered or taken away entirely, and the software tampered with, meaning it’s no longer trusted. There is method in their madness, as they trust Apple's Gatekeeper security technology to recognise the digital signatures they sign their software with that should guarantee the authenticity of the download.īut a former NSA and NASA staffer Patrick Wardle, who now heads up research at security start-up Synack, believes he has found a new way to abuse such insecure downloads and bypass protections in Apple Macs without getting caught. dmg files, for products including Kaspersky, Symantec, Avast, Avira, Intego, BitDefender, Trend Micro, ESET and F-Secure are all sent over unencrypted HTTP lines, rather than the more secure HTTPS. Want to know something odd? It’s 2015 and all the top anti-virus products for Mac OS X use insecure lines to transmit their software to Apple machines.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |