Security researcher says there’s still a problem with Apple’s Gatekeeper feature for the Mac

In September 2015 security researcher Patrick Wardle of Synack problem with Apple’s Gatekeeper system on OS X. He says the problem is still there, according to Engadget.

Some apps downloaded and installed from the Internet could adversely affect your Mac. Gatekeeper is designed to help protect your Mac from such apps. Apple really wants you to download Mac apps from its Mac App Store.

For apps that are downloaded from places other than the Mac App Store, developers can get a unique Developer ID from Apple and use it to digitally sign their apps. The Developer ID allows Gatekeeper to block apps created by malware developers and verify that apps haven't been tampered with since they were signed. If an app was developed by an unknown developer—one with no Developer ID—or tampered with, Gatekeeper can block the app from being installed.

While Gatekeeper does a good job of stopping malware-infected apps that users have downloaded, there’s a problem: a signed app could, upon launch, initiate an unsigned program if it resided in the same directory and infect a Mac. Waddle informed informed Apple about the problem, and the company released a security update. 

However, “instead of treating the disease, Apple went after the symptoms,” says Engadget. Wardle says he’s been in touch with the security team at Apple, and they say they’re working on a more comprehensive fix.

However, Wardle is concerned about end users that have put their trust in a security update that doesn't actually fix the problem. He told Engadget, "I can reverse engineer this (the security patch) in five minutes so it's something others can do as well.” While Apple is working on a fix, Wardle suggests only downloading apps from the Mac App Store or from trusted vendors that use HTTPS.