
Apple’s security takes another hit

08 February 2016


Revolving door gatekeeper

While the fruity cargo cult Apple is busy bricking users for the crime of not using its genii to fix its overpriced toys, its reputation as being super secure is taking another battering.

For those who came in late, Apple pretended for years it had good security on the basis that no one could be bothered hacking one of its gizmos to steal someone’s Coldplay collection. Lately, however, the company has been taking a battering after hackers started hitting the company hard and holes in its security became glaringly obvious.

In this case it is Apple’s rather fast and footloose attitude to certificates. A developer certificate was signed to Maksim Noskov and it has been used for nearly two years to carry out attacks on Apple gear. The Gatekeeper software that is supposed to stop it sees the malware as being signed with a legitimate Apple developer certificate.

Apple has known about it for ages; it has just never bothered revoking the certificate. After all, that would mean admitting that it should have done it two years ago.

Johannes Ullrich, dean of research of the SANS Institute’s Internet Storm Centre, finally had enough and publicly disclosed the campaign.
Apparently the malware based around the certificate was distributed using click-bait links on Facebook. He was served a pop-up warning that his Adobe Flash Player was out of date. Ullrich was using a clean default install of OS X 10.11 in a virtual machine, and Flash was not installed on the image.

If the user clicks on the download button in the popup, the scareware is installed as well as a legitimate and current version of Flash Player.

This is not the first time that Apple’s Gatekeeper has been shown to be letting dodgy software through. Researcher Patrick Wardle has also demonstrated some Gatekeeper bypasses that don’t require a certificate, which Apple has only partially addressed.

Ullrich said Apple’s XProtect, the built-in antimalware protection on OS X, did not work either. This is not a surprise, as detection rates on VirusTotal were normally pretty low.
Once the installer installs the malware, the user is told to start a scan of their computer for problems. The scan shows logos from security companies, claiming that the tool has been verified.

The scan returns a number of viruses, Trojans, etc. that need to be addressed, and offers the user the chance to buy a cleaning tool.
The malicious ad likely does browser fingerprinting in order to target OS X users; the adverts did not offer similar pop-ups on a Windows image.

Last modified on 08 February 2016