Mac Developer: How malware developers could bypass Mac’s Gatekeeper without really trying | Ars Technica
The exploit works with Apple-trusted executable apps that are bundled with, and are programmed to execute, one or more additional apps. The hack works by renaming the Apple-trusted file while making no other changes to it. Wardle then packages it inside an Apple disk image that contains any executables he wants. Gatekeeper inspects only the first executable file and allows the remaining bundled apps to be executed with no questions asked.
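An added example, not from the article or from Apple: a defender-side audit that checks every Mach-O file on a mounted disk image instead of only the first one launched. The `codesign --verify --strict` default check and all file names are assumptions; the demo uses constructed files and a stub check so it runs on any OS.

```python
import os
import subprocess
import tempfile

# Magic numbers of Mach-O and universal binaries as they appear on disk.
# ca fe ba be is shared with Java class files, so expect some over-reporting.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}

def is_macho(path):
    """True if the file starts with a Mach-O or universal-binary magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False

def codesign_ok(path):
    """Assumed default check (macOS only): the file carries a valid signature.
    It does not establish who signed it."""
    cmd = ["codesign", "--verify", "--strict", path]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def audit_volume(root, check=codesign_ok):
    """Check every Mach-O under root and return those that fail, sorted."""
    failed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not is_macho(path):
                continue
            if not check(path):
                failed.append(os.path.relpath(path, root))
    return sorted(failed)

def demo():
    """Constructed sample: one 'trusted' launcher plus an extra bundled binary."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"Launcher.app/Contents/MacOS/Launcher": b"\xcf\xfa\xed\xfe",
                   "extras/helper": b"\xcf\xfa\xed\xfe",
                   "README.txt": b"docs"}
        for rel, head in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(head + b"\x00" * 28)
        # Stub check standing in for codesign so the demo runs on any OS.
        return audit_volume(root, check=lambda p: "Launcher.app" in p)
```

On macOS, call `audit_volume("/Volumes/<image name>")` with the default check; any path it returns is a binary that would ride along behind the first, inspected executable.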