A new report published this morning states that "Apple hasn't completely fixed a weakness in Gatekeeper, its security technology that blocks harmful applications from being installed." Patrick Wardle, director of research with the company Synack, said in an interview he reverse-engineered a patch Apple released in October and found it wasn't quite the fix he expected. Wardle, who has studied OS X extensively, found the original bug that Apple patched, CVE-2015-7024.
Wardle found he could still bypass Gatekeeper and install malware. He's going public with his latest findings on Sunday at the Shmoocon security conference, which starts Friday in Washington, D.C.
Wardle added that "Releasing a patch claiming it is fixed kind of doesn't solve the problem. Users will think they're secure when they're not." For more on this, read the full PCWorld report here.