This is because Gatekeeper only verifies the first utility that the user launches.
The security program's primary goal is to check the digital signature of the system.
If the utility had Apple's digital signature, then Gatekeeper would allow the user to drop in the utility.
The same thing happened with the digital signature of third-party applications.
But it seems that Gatekeeper wasn't dependable.
In fact, very often, apparently legit applications available on the web contained malware code.
Since 2012, the built-in anti-malware Gatekeeper system has been a feature in Apple's OS X.
The problem is that Gatekeeper doesn't do any runtime analysis or analysis on secondary components.
Below is a proof-of-concept video provided by Patrick Wardle.
It monitors all the new processes created in OS X's kernel.
"It's kind of a global approach," Wardle said.
Apple is working with Wardle and should release another patch soon.
Also, users must download these applications via a secure/encrypted internet connection.
source: www.techworm.net