Preventing potential Gatekeeper exploit

Prevent potential Gatekeeper exploits in Dreamweaver on Mac operating systems.

Gatekeeper is a built-in malware detection feature in Mac OS X 10.7 and later. Apps that are installed from Mac App Store are considered to be safe since Apple reviews each app before they are accepted by the store. Apps that are downloaded from places other than the App Store must be digitally signed with the Developer ID issued by Apple. Gatekeeper checks for the signature in the apps during launch and blocks the apps that are tampered with or are not signed by a Developer ID. It also prompts users to confirm if they want to run the app.

While Gatekeeper checks for valid signatures when an app is being installed, it does not check the apps or plug-ins that get dynamically loaded after the app is installed. This shortcoming can be exploited to load malicious plug-ins through Dreamweaver, especially if the Dreamweaver install package is downloaded from non-Adobe sources and installed in a location other than /Applications.

Adobe Dreamweaver that is downloaded from Creative Cloud is signed with a valid Developer ID and can be successfully installed in the default location on Mac: /Applications. All third-party libraries within the /Applications folder are also automatically loaded.

When Dreamweaver is installed in a custom location, it does not automatically load third-party libraries to prevent a potential Gatekeeper exploit. Dreamweaver displays a dialog box that lists all the third-party libraries that can be loaded:

Confirmation for loading third-party libraries
Confirmation for loading third-party libraries

If you are sure that these libraries have been obtained from credible sources, you can go ahead and choose to load them. The dialog box is not displayed again and Dreamweaver continues to load these libraries and extensions in all subsequent launches.

If you do not want to load these libraries or extensions, click No. Note that Dreamweaver will not display this dialog box again and none of the extensions that you install in future will be loaded.

If you want the dialog box to be displayed again so that you can change your option, delete the Preferences file. However, exercise caution while deleting this file and follow the instructions described in this article.

Adobe logo

Sign in to your account