On the heels of the Xcode Ghost comes another Apple vulnerability. This time it's in the Apple OSX Gatekeeper, which was designed to combat various forms of malware. Security researcher Patrick Wardle from Synack found that the security feature can be bypassed using a simple trick involving the use of a signed binary. Apple seems to be working on a patch, but right now, systems are still vulnerable. Here's my POV.
Tags: malware, apple, gatekeeper
The recent breach of Apple’s App Store by malware from China is another in an ongoing series of grim reminders about the porous state of today’s security measures. While this marks the first successful major attack on this key Apple marketplace, it was really only a matter of when – not if – such a breach would occur. Just to be clear, Apple’s App Store infrastructure itself wasn’t breached. The Xcode developer toolchain was trojanized and made available in alternate sources to the App developers.
