Emerging Threats

Newly discovered flaw in Apple Gatekeeper could allow malware onto Macs

Authored by a Symantec employee


Researcher Patrick Wardle has discovered a security weakness in Apple’s Mac OS X Gatekeeper technology that could allow attackers to run unverified, and possibly malicious applications.

What is Gatekeeper?

Gatekeeper is an anti-malware feature designed to keep untrusted and malicious applications from reaching Macs. Gatekeeper’s default settings are to only allow applications downloaded from the Mac App Store onto a Mac. However, users have the option to change these settings to allow apps to run no matter where they are downloaded from.

Unverified applications are apps that have not been vetted through Apple’s App store.

How To Stay Protected

According to Wardle, Apple is working on a patch for this bug, however until the full patch is available, users should use caution and only download applications from trusted sources, such as the Mac App Store. To be sure that you are safe, verify Gatekeeper’s settings by launching System Preferences and clicking on Security & Privacy, and make sure that Apps are only allowed from the Mac App Store and Identified developers.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.