Apple’s Gatekeeper is a background technology in OS X that helps thwart malware. It does so by assessing three levels of identification for an app (Unsigned, Signed, and Signed with App Store distribution), and then offering options to block execution of apps that are either unsigned or not distributed through the App Store. However, a simple workaround exists that can allow malware to overcome Gatekeeper’s blocks and run.
In essence, once a program passes Gatekeeper and is allowed to run, Gatekeeper no longer monitors its activity. This means that such a program may successfully launch a second program, even if the second program could not pass Gatekeeper on its own. If this second program is malicious, then it will run and affect the computer.
This behavior is somewhat proof-of-concept in nature; however, as reported by Ars Technica, there are current programs that use this approach (some of which are developed by Apple), which can technically be tricked into running unsigned programs even when Gatekeeper is on. In its demonstration, Ars Technica was able to use an unnamed Apple-supplied program to run a compromised secondary program, and similarly use legitimate third-party software like Photoshop to run compromised bundled plugins.
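A defender-side check for the gap described above, added here as an example and not taken from the original article or from Ars Technica: because Gatekeeper assesses only the program the user launches, this Python script walks a download folder or app bundle and lists every Mach-O file whose signature does not verify. The function names and the sample layout are constructed for illustration, and codesign_ok assumes macOS's codesign tool is available.

```python
import os
import subprocess

# Mach-O magic numbers as they appear in the first four bytes on disk
# (thin 32/64-bit in both byte orders, plus fat/universal). 0xcafebabe is
# shared with Java class files, so expect a few extra hits to review.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",
}

def is_macho(path):
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGICS
    except OSError:
        return False

def codesign_ok(path):
    """True if macOS `codesign --verify` accepts the file (macOS only)."""
    result = subprocess.run(["codesign", "--verify", path], capture_output=True)
    return result.returncode == 0

def unsigned_executables(root, verify=codesign_ok):
    """Return sorted relative paths of Mach-O files under root that fail verify."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not is_macho(full):
                continue
            if not verify(full):
                flagged.append(os.path.relpath(full, root))
    return sorted(flagged)

def build_sample(root):
    """Constructed layout with stub headers: a main app plus a bundled plug-in."""
    layout = {
        "Main.app/Contents/MacOS/Main": b"\xcf\xfa\xed\xfe" + b"\0" * 28,
        "Main.app/Contents/Info.plist": b"<plist/>",
        "Plugins/helper.plugin/Contents/MacOS/helper": b"\xcf\xfa\xed\xfe" + b"\0" * 28,
    }
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
```

On a Mac, calling unsigned_executables on a mounted disk image or an extracted download before launching anything from it reports the secondary executables that Gatekeeper would not have assessed.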
Overall, at the present moment Apple is aware of the vulnerability and a fix is apparently in the works, but there is no information on when it will be available. In the meantime, this exploit is primarily in the proof-of-concept phase, and does require specific modification of installer files in order to work. This means that even though it overcomes Apple’s security, it still requires you to obtain compromised software from unofficial third-party software distribution sites, an act that essentially breaks a primary rule of computer security. Provided you only get your software from the App Store or directly from developer Web sites, you should be safe from this problem.