Highly Recommended!
External SSD wish list • Deals on OWC
$220 SAVE $130 = 37.0% Western Digital 16.0TB Western Digital Ultrastar DC HC550 3.5-in… in Storage: Hard Drives	$680 OWC 2.0TB OWC Atlas Ultra CFexpress 4.0 Type B Memory Card in All Other Categories	$580 OWC 4.0TB OWC Envoy Pro Elektron USB-C Portable NVMe SSD in All Other Categories	$630 OWC 4.0TB OWC Express 1M2 USB4 (40Gb/s) Bus-Powered Portable NVM… in All Other Categories	$2380 OWC 72.0TB OWC ThunderBay 4 Four-Drive Thunderbolt External Stor… in All Other Categories

Newly In Stock: SEE ALL...
Sony Mirrorless wish list • Deals on Sony
$2997 Nikon Z7 II Mirrorless Camera OUT OF STOCK in Cameras: Mirrorless	$2297 Nikon D780 DSLR OUT OF STOCK in Cameras: DSLR	$2997 Nikon D850 DSLR OUT OF STOCK in Cameras: DSLR	$720 ZEISS 32mm f/1.8 Touit Lens for FUJIFILM X OUT OF STOCK in Lenses: Mirrorless	$497 Pentax 70mm f/2.4 HD Pentax DA Limited IN STOCK in Lenses: DSLR

Apple Core Rot CAUTION: Apple’s macOS Security Infrastructure Might Not be Working on Your Mac (Apple Gatekeeper and Apple MRT)

2019-02-20 • SEND FEEDBACK |

Related: Apple, Apple Core Rot, Apple Gatekeeper, Apple macOS, Apple MRT, security

Apple Gatekeeper is a key component of macOS that does things like checking application signatures (code signing verification, for example). It’s what allows “trusted” applications to run with confidence that they are vetted and safe, e.g., those from the App Store. Apple MRT does malware detection.

There is a dangerous security flaw in Apple’s macOS .

Update Feb 22: the issue persists and the system.log shows some very concerning failures.

I was manually checking my system configuration (macOS 10.13.6) on my 2017 iMac 5K to see that security updates were in place.

I was stunned to find that two critical Apple security areas had not seen an update since December 2017. Specifically, configuration files for Apple Gatekeeper and Apple MRT. That’s nearly 14 months in which I was exposed by out of date configurations.

AppStore preferences for security updates

Checking with an acquaintance, I learned that on his system, configuration for Gatekeeper and MRT had not been applied since July 2018—so his were out of date by 7 months. Which tells me that this is not a one-off issue.

While I follow strict security practices and thus have very low risk, I nonetheless am very concerned that fundamental security infrastructure can enter a state where it does not work. That in itself is a vector for malware!

I triple checked all my security settings. Nothing is turned off, nothing is/was set that should prevent security updates from auto-downloading and auto-installing.

The Apple’s Feb 19 security update did NOT fix the issue (nor did any other security update for the past 13 months!). This was the state after Apple’s Feb 19 security update,showing that the update did nothing to update critical infrastructure, or even to detect the problem:

Software Update found the following new or updated software:
* macOSInstallerNotification_GM-2.0
macOS Installer Notification (2.0), 1779K [recommended]
* GatekeeperConfigData-162
Gatekeeper Configuration Data (162), 3459K [recommended]
* MRTConfigData-1.39
MRTConfigData (1.39), 4035K [recommended]
* GatekeeperConfigData-140
Gatekeeper Configuration Data (140), 3451K [recommended]

Checking your system

Checking via System Report

Use About this Mac => System Report => Installations. As shown below, there were no updates to “Gatekeeper Configuration Data” since Dec 10 2017. Ditto for “MRTConfigData” (not shown).

The Feb 19 file is there only because I fixed the problem manually (screen shot captured after I forced the update manually).

About this Mac => System Report => Installations

Checking via LockRattler

The most friendly way to check the status of Gatekeeper and MRT and other updates is to download LockRattler at eclecticlight.co.

Below, LockRattler showing my outdated Gatekeeper and MRT configuration status:

LockRattler by eclecticlight.co shows system security update status

Checking and updating at the command line

# check status, should say "No new software available"
softwareupdate --list

# update everything
softwareupdate -ia --include-config-data

Critical security infrastructure MUST work

How can this even happen?

When critical security infrastructure fails to work, this is a priority #0 bug; the reason is unimportant as there are NO EXCUSES for a failure. The infrastructure is essential and there ought to be regular system cross-checks in place to detect such failures, and to warn the user, if nothing else.
When reinstalling* macOS fails to correct the problem, this is yet another insanely bad bug. Seriously—reinstall and it is still not functioning properly?
When installing a security update, the update process should verify that all security configuration is up to date. This is yet another bug.
It is pathetic testament to Apple software (non) quality that a user has to resort to specialty tools and/or command line to fix what should never break in a critical security area.

* Reinstalling over existing system, not erase and install. The install process should ensure a working system and verify all security configuration.

The numerous critical security bugs that Apple has spawned by calendar-driven releases is truly ugly to behold. Add one more.

The fact that the Apple’s security infrastructure can fail in this way with no warning whatsoever is itself a critical bug, because it means that somehow, something can be tweaked to disable updating configuration files for Gatekeeper and MRT—a lovely potential vector for malware!

Curiously, I made this check after applying the Feb 19 macOS 10.13.5 security update. How can you have a security update that does not update security properly?

Even worse, after seeing this issue, I did a reinstall over my existing macOS system and still the Gatekeeper and MRT configuration files stayed stuck at December 2017 versions.