Bypass Gatekeeper & Exploit macOS v10.14.5 & Earlier


Apple’s Gatekeeper security software for macOS (Mac OS X) is vulnerable to remote attacks up to version 10.14.5. An attacker that’s anywhere in the world can exploit MacBooks and other Mac computers by sharing a single ZIP file.

The vulnerability was discovered by Filippo Cavallarin, a security researcher and CEO of We Are Segment, an Italian cyber-security company. In his blog post, Filippo demonstrates how a remote attacker can exploit the vulnerability. His video (below) also shows it in action.

At the time of this writing, there is no patch for the vulnerability. It affects macOS Mojave 10.14.5 and all prior versions according to Filippo, so High Sierra, Sierra, El Capitan, Yosemite, and so on are likely all vulnerable. He has made several attempts to communicate the issue to Apple but has not received a follow-up response after responsibly disclosing the vulnerability over 90 days ago.

Read more…