Bypassing Apple iOS security is easy peasy
 

A security researcher has made the bizarre claim that Apple’s iOS is not the most secure in the world, as the Tame Apple Press insists, and is in fact “as easy as Sunday morning” to hack.

For years, Apple has been telling the world, through its legions of tame journalists, that its security features such as Gatekeeper and XProtect to OS X protect Mac gear completely.

But Patrick Wardle, director of research at Synack said that all of those protections are simple to bypass and hacking a Mac isn’t much of a challenge at all.

Apple claims that Gatekeeper gives users the ability to restrict which applications can run on their machines by choosiing to only allow apps from the Mac App Store. With that setting in play, only signed, legitimate apps should be able to run on the machine.

But Wardle said that Gatekeeper doesn’t verify an extra content in the apps. So if he can find an Apple-approved app and get it to load external content, it will bypass Gatekeeper. Gatekeeper only verifies the app bundle.

Apple’s anti-malware system for OS X still depends on people not writing much malware for the machines. Getting past XProtect turns out to be just as simple as bypassing Gatekeeper. Wardle found that by simply recompiling a known piece of OS X malware, which changes the hash, he could get the malware past XProtect and execute it on the machine. Just changing the name of the malware also lets it sneak in under the fence.

http://www.techeye.net/news/bypassin...-is-easy-peasy