After the release, Wardle reverse-engineered the security patch to see how Apple was dealing with the Gatekeeper problem. He then noticed that the actual underlying vulnerability wasn't addressed. Instead, the company had blacklisted the binaries Wardle was using to demonstrate the issue. When he talked to Apple about it, the company issued a new security update that just blacklisted the latest apps he was working with.

Basically, instead of treating the disease, Apple went after the symptoms. Wardle is quick to point out that the security team at Apple is a bright group, and that he's been in contact with them while doing his research. The team has reiterated that it's working on a more comprehensive fix.

However, Wardle is concerned about end users that have put their trust in a security update that doesn't actually fix the problem. "I can reverse engineer this [security patch] in five minutes," he told Engadget, "so it's something others can do as well."

The vulnerability is especially concerning, because it opens up Macs to altered apps that are the result of man-in-the-middle attacks when something is downloaded via regular HTTP instead of secure HTTPS.

While Apple is working on a fix, Wardle suggests only downloading apps from the Mac App Store or from trusted vendors that use HTTPS -- something you should be doing already, really. We've contacted Apple and will update this post if we get a response.