With the network sharing function, it is possible to bypass the GateKeeper function, which is supposed to check the authenticity of downloaded software. No patch is available at the moment.
.jpg)
Source
Researcher Filippo Cavallarin has revealed a zero-day flaw that bypasses the GateKeeper function for macOS (versions 10.14.5 or lower). This protection verifies the origin and authenticity of software downloaded through certificates issued by Apple. If the signature is not authentic or non-existent, the system displays an alert to alert the user that the software is not trustworthy.
However, GateKeeper allows software from an external or networked hard drive to pass without hesitation, as these sources are trusted by default.
The researcher, therefore, had the idea of creating a ZIP executable file and using a symbolic link to point it to an external resource that pretended to come from a network share.
For example: "Documents -> /net/evil.com/Documents". On macOS, such sharing is automatically mounted, and the downloaded software does not cause any alarms from GateKeeper.
No solution is available yet but a possible workaround is to disable automount:
- Edit /etc/auto_master as root
- Comment the line beginning with '/net'
- Reboot
The researcher demonstrated his attack in a Youtube video:
Apple has been alerted to this vulnerability but has not released any patches yet. To avoid being fooled, Filippo Cavallarin recommends deactivating the recommends deactivating the automatic setting up of shared network drives. This procedure requires you to modify a system file in macOS.
Source: Blog note
I've made a lot of articles with tools, explanations and advises to show you how to protect your privacy and to secure your computer, GO check them out!
This is my guide To Secure your PC after a fresh installation of Windows
If you think that your Phone or your PC has been hacked, you have to check it right now!
That's how you can be more Anonymous on the internet!
The Future of Cyber-Security, what to expect?
The best Crypto debit card – Wirex!
These are the best VPN to protect your numeric life: NordVPN, ExpressVPN and CyberGhost!
Your PC is slow? That's why!
Why is it important to Be Discreet on the Internet
What Do Tech Giants Know About You? A New Tool To Get An Idea!
Feel hot? Your Computer also!
How an Adware works?
That's how you should guard against Trojan!
What are the different Types of hackers?
