Mac 10.14 Disable Gatekeeperinstall Untrusted Apps Terminal

Posted on |

  1. Mac Os Allow Apps From Unidentified Developers
  2. How Do I Change Security Preferences On Mac To Allow Installation Of Unidentified Developers
  3. Allow Apps From Unidentified Developers Mac Mojave
  4. Mac How To Allow Apps From Unidentified Developers
Disable
Text Size

Mac Os Allow Apps From Unidentified Developers

A new security flaw has been found in macOS that could allow malicious apps to bypass Apple’s built-in “Gatekeeper” security feature. Most significantly, this bug affects even most recent 10.14.5 update that was released earlier this month to address the ZombieLoad Intel hardware vulnerability.

Gatekeeper is a security feature that was introduced back in 2012 in OS X Mountain Lion designed to flag apps from untrusted developers, preventing them from running without explicit user permission. Registered and trusted Apple developers are allowed to digitally sign their apps, and Gatekeeper kicks in when the user tries to run an unsigned app that they’ve downloaded from outside of the Mac App Store.

Allow apps from unidentified developers mac mojave

However, it seems that a loophole has been discovered in the Gatekeeper process. Security researcher Filippo Cavallarin discovered the flaw, publicizing it on his blog, as reported by 9to5Mac.

The problem is in the way that Apple has designed the feature, which considers external drives and network shares to be “safe locations” to run unsigned apps from. While the reasons for this decision on Apple’s part are unclear, it’s likely designed to allow users in business and school environments to easily open shared apps without having to jump through extra and possibly confusing, hoops.

In the following words, we will show you step with screenshots to disable/enable Gatekeeper to be allowed to install application downloaded from unidentified developer on MacOS 10.14 Mojave. However, all processes must work the same on Catalina, High Sierra, Sierra, Maverick, El Capitan and Yosemite. What is Gatekeeper? Gatekeeper is disabled by default to prevent being risked by installing.

Unfortunately, it’s relatively simple for a malicious app to trick a user into mounting a network share drive — even from over the internet — subsequently allowing anything in that folder to be run without consulting the Gatekeeper process.

Cavallarin offers some additional technical details and examples for ways in which this exploit could be taken advantage of by bad actors, highlighting not only the Gatekeeper limitations concerning network shares, but also the default behaviour of macOS to automatically mount network shares via a special path.

As Cavallarin explains, a ZIP archive could contain a special file that links to a network location (known as a “symbolic link” or “symlink”). This special file could be crafted in such a way as to make the user think that they need to click on it for some legitimate reason, which would then take them to a network share that’s completely trusted by Gatekeeper, but controlled by the attacker. Cavallarin even provides specific steps on his blog that can be used to reproduce the exploit with minimal effort.

Both the automatic mounting of network shares and the ability to include “symlinks” in ZIP files are legitimate features of macOS, Cavallarin notes, but because of the way Gatekeeper automatically trusts ANY network share, they open up very real possibilities for malicious software to get installed onto a user’s computer without them realizing it.

Cavallarin also provides a video of the exploit in action, showing how it could even be used to provide an attacker with full remote access to the target computer by tricking the user into clicking on an app that’s disguised as a folder of important PDF documents.

Mac 10.14 Disable Gatekeeperinstall Untrusted Apps Terminal

According to Cavallarin’s post, he contacted Apple on February 22 to make them aware of the bug, which Apple said was supposed to be addressed on May 15th — presumably as part of macOS 10.14.5 and the related ZombieLoad security updates for Sierra and High Sierra. However, Cavallarin notes that “Apple started dropping [his] emails” and since he had given Apple a 90-day disclosure deadline, he decided to make the information public after he found that it still hadn’t been addressed in macOS 10.14.5.

How Do I Change Security Preferences On Mac To Allow Installation Of Unidentified Developers

Until Apple addresses this issue, we’d recommend extreme caution when downloading apps outside of the Mac App Store, especially apps contained in ZIP files and/or those that look like they may require you to click on unusual files, folders, or other links. Cavallarin also suggests disabling the macOS automount feature as a “possible workaround” to increase security, although this requires editing a secure file through the macOS Terminal app, so it’s only recommended for advanced users who understand how to edit files as the root user.

Read Next:Apple’s Seventh-Generation iPod touch Lands with an A10 Chip but Little Else

The user account named ”root” is a superuser with read and write privileges to more areas of the system, including files in other macOS user accounts. The root user is disabled by default. If you can log in to your Mac with an administrator account, you can enable the root user, then log in as the root user to complete your task.

The root user account is not intended for routine use. Its privileges allow changes to files that are required by your Mac. To undo such changes, you might need to reinstall your system software. You should disable the root user after completing your task.

It's safer to use the sudo command in Terminal instead of enabling the root user. To learn about sudo, open the Terminal app and enter man sudo.

Enable or disable the root user

Allow Apps From Unidentified Developers Mac Mojave

  1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
  2. Click , then enter an administrator name and password.
  3. Click Login Options.
  4. Click Join (or Edit).
  5. Click Open Directory Utility.
  6. Click in the Directory Utility window, then enter an administrator name and password.
  7. From the menu bar in Directory Utility:
    • Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
    • Or choose Edit > Disable Root User.

Log in as the root user

When the root user is enabled, you have the privileges of the root user only while logged in as the root user.

  1. Choose Apple menu > Log Out to log out of your current user account.
  2. At the login window, log in with the user name ”root” and the password you created for the root user.
    If the login window is a list of users, click Other, then log in.

Remember to disable the root user after completing your task.

Change the root password

Mac How To Allow Apps From Unidentified Developers

  1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
  2. Click , then enter an administrator name and password.
  3. Click Login Options.
  4. Click Join (or Edit).
  5. Click Open Directory Utility.
  6. Click in the Directory Utility window, then enter an administrator name and password.
  7. From the menu bar in Directory Utility, choose Edit > Change Root Password…
  8. Enter a root password when prompted.