Online security researchers recently reported that the new Mac OS X El Capitan update left two unpatched security flaw. The unpatched security weakness could leave user passwords open for hackers to steal as well as malware infection.
Notable Mac hacker Patrick Wardle is scheduled to expose the security weakness in the upcoming VB2015 conference. Wardle said that security flaw allows malicious hackers to completely bypass and ignore Apple's Gatekeeper technology which is designed to detect and prevent unsigned and unverified codes from entering Mac computers.
"Gatekeeper has one job: to block unauthenticated code coming from the internet," Wardle told Forbes. "We've completely bypassed this. To me, Gatekeeper is no obstacle at all. It provides some protection against lame adversaries. But I'm sure more advanced attackers have already figure this out."
Also, Wardle explained that even security minded users are susceptible to the attack which can be triggered by accepting downloads vetted from the Apple App Store. According to Apple Insider, Wardle did not reveal which Apple signed file was used in hacking into Mac since it could put users in danger of hacks.
Providing a clue, Wardle said that the software is a terminal application that launches a second unsigned app in its native directory. Even though the attack opens a terminal, he was able to make it invisible to users by simply changing the name of the application.
Wardle was able to perpetrate the attack by taking advantage of known Gatekeeper weaknesses. One well known weakness is that the tool only does one check on app bundles and it does not perform additional checks when the download is launched.
Wardle is the head of research at bug hunting company Synack.