
Apple's macOS security infrastructure can't work on your Mac (Apple Gatekeeper and Apple MRT)



Apple Gatekeeper is a key component of macOS that does things like checking program signatures (such as code signature verification). That's what allows "trusted" applications to run with certainty that they are monitored and secure, such as those from the App Store. Apple MRT does malware detection.

It's a dangerous security error in Apple's macOS.

I manually checked my system configuration (MacOS 10.13.6) on the 2017 iMac 5K to see whether the security updates were in place.

I was stunned to find that two critical Apple security sites had not seen an update since December 2017: specifically, the configuration files for Apple Gatekeeper and Apple MRT. It's almost 14 months where I was exposed to outdated configurations.

AppStore Security Update Preferences

By checking with an acquaintance, I learned that the Gatekeeper and MRT configuration on his system had not been used since July 2018, so he was out of date by 7 months. That tells me this is not a one-time problem.

While I follow strict security practices and thus have very little risk, I am still very concerned that basic security infrastructure can enter a state where it does not work. It is itself a vector for malware!

I triple-checked all my security settings. Nothing is turned off, and nothing is in place that would prevent security updates from being downloaded and installed automatically.

Apple's February 19 security update failed to fix the problem (nor did the other security updates over the last 13 months!). This was the state after Apple's February 19 security update, which showed that the update did nothing to update critical infrastructure, or even to detect the problem:

  Software update found the following new or updated software:
* macOSInstallerNotification_GM-2.0
MacOS Installer Notification (2.0), 1779K [recommended]
* GatekeeperConfigData-162
Gatekeeper Configuration Data (162), 3459K [recommended]
* MRTConfigData-1.39
MRTConfigData (1.39), 4035K [recommended]
* GatekeeperConfigData-140
Gatekeeper Configuration Data (140), 3451K [recommended]

Checking Your System

Checking via System Report

Use About This Mac => System Report => Installations. As shown below, there were no updates to "Gatekeeper Configuration Data" since December 10, 2017. The same is true for "MRTConfigData" (not shown).

The February 19 entry is there only because I solved the problem manually [screenshot captured after I forced the update manually].

About this Mac => System Report => Installations

Checking via LockRattler

The most friendly way to check the status of the Gatekeeper and MRT and other updates is LockRattler. Here it displays my outdated Gatekeeper and MRT configuration status:

LockRattler by eclecticlight.co shows system security update status

Checks and updates on command line

 
    # update everything
    softwareupdate -ia --include-config-data

    # should say "No new software available"
    softwareupdate --list

Critical security infrastructure MUST work

How can this happen?

  • When critical security infrastructure does not work, this is a priority #0 bug; the reason does not matter, as there is no excuse for the error. The infrastructure is important, and there should be regular system cross-checks in place to detect such errors and, if nothing else, to warn the user.
  • When reinstalling* macOS can't fix the problem, this is another insanely bad mistake. Seriously: reinstall and it still doesn't work properly?
  • When installing a security update, the update process should verify that all security configuration is up to date. This is another mistake.
  • It is a pathetic testament to Apple software (non) quality that a user must resort to special tools and/or the command line to fix what should never break in a critical security area.

* Reinstall over the existing system, not erase and install. The installation process should ensure a working system and verify all security configuration.
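
One way to implement the cross-check the first bullet above asks for, added here as an example and not taken from the original post or from Apple's tooling: it reads the install history that System Report => Installations displays and flags Gatekeeper and MRT configuration data that has not been updated recently. The plist path, the 30-day threshold and the sample versions are assumptions of this example; Python 3 is required.

```python
import plistlib
from datetime import datetime, timedelta, timezone

# Install history shown by System Report => Installations (path assumed here).
HISTORY_PATH = "/Library/Receipts/InstallHistory.plist"
WATCHED = ("Gatekeeper Configuration Data", "MRTConfigData")


def latest_installs(entries, names=WATCHED):
    """Return {displayName: (date, version)} for the newest entry of each name."""
    latest = {name: None for name in names}
    for e in entries:
        name, when = e.get("displayName"), e.get("date")
        if name in latest and isinstance(when, datetime):
            if latest[name] is None or when > latest[name][0]:
                latest[name] = (when, e.get("displayVersion", "?"))
    return latest


def stale_items(entries, now, max_age_days=30):
    """List (name, age_days, version) for watched items past the age limit."""
    findings = []
    for name, rec in latest_installs(entries).items():
        if rec is None:
            # No record at all is a finding, not a pass.
            findings.append((name, None, None))
        elif now - rec[0] > timedelta(days=max_age_days):
            findings.append((name, (now - rec[0]).days, rec[1]))
    return findings


# Constructed sample in the plist's shape (versions invented; dates per the article).
SAMPLE = [
    {"displayName": "Gatekeeper Configuration Data", "displayVersion": "136",
     "date": datetime(2017, 12, 10, 9, 0)},
    {"displayName": "MRTConfigData", "displayVersion": "1.27",
     "date": datetime(2017, 12, 10, 9, 0)},
    {"displayName": "Security Update", "displayVersion": "10.13.6",
     "date": datetime(2019, 2, 19, 8, 0)},
]

if __name__ == "__main__":
    try:  # real history on a Mac, constructed sample elsewhere
        with open(HISTORY_PATH, "rb") as fh:
            entries = plistlib.load(fh)
        now = datetime.now(timezone.utc).replace(tzinfo=None)  # plist dates are naive UTC
    except OSError:
        entries, now = SAMPLE, datetime(2019, 2, 19, 12, 0)
    for name, age, ver in stale_items(entries, now):
        print(f"STALE: {name} version={ver} age_days={age}")
```

The unrelated "Security Update" entry in the sample does not reset the age of either watched item, which mirrors the situation described here: a system update installed on February 19 while the configuration data stayed at its December 2017 state.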

The many critical security bugs Apple has created during calendar-driven releases are really ugly to see. Add one more.

The fact that Apple's security infrastructure can fail in this way without any warning is itself a critical error, because it means that something can somehow be tweaked to disable the updating of configuration files for Gatekeeper and MRT: a gorgeous potential vector for malware!

Strangely, I did this check after using the security update for MacOS 10.13.5 February 19. How can you have a security update that doesn't update your security properly?

Even worse, after seeing this problem, I did a reinstallation over my existing MacOS system and still the Gatekeeper and MRT configuration files were stuck at the December 2017 versions.

