If you haven’t already, you should update your Mac now. A recently patched zero-day vulnerability in macOS allowed hackers to bypass many of Apple’s security protocols and deploy malware to an unknown number of computers, new studies show.
The bug, which was discovered in March by security researcher Cedric Owens, allegedly allowed the download of a malicious script on “all recent versions of macOS”, including macOS versions 10.15 to 11.2. Fortunately, the new macOS 11.3 includes an update that fixes the security hole.
Researchers say the vulnerability created a workaround for key macOS security features, including Gatekeeper, File Quarantine, and the company’s notarization security control, all of which are designed to intercept and prevent downloads of malware programs from the Internet.
According to Owens, a hacker could hypothetically use the security hole to introduce malware into a computer. Owens did his own research, creating a test program that he was able to hide in a seemingly innocuous document and sneak through security programs meant to verify that a program was from a known developer.
“This bug trivially bypasses many Apple security mechanisms, leaving Mac users in great danger,” said fellow security researcher Patrick Wardle, in a technical blog he wrote about the bug.
“This is probably the worst or potentially the most impacting bug for everyday macOS users,” he later told Vice News.
Hackers also actively exploited the bug, although the compromise strategies that were discovered seem quite clunky and require a user to download and run an unknown program from the Internet. The iOS endpoint protection company Jamf Protect reports that, earlier this year, the security hole was being exploited in the wild by hackers using the Shlayer malware, malicious adware that is one of the more common forms of malware known to target macOS systems.
“The exploit allows unapproved software to run on Macs and is distributed through compromised websites or poisoned search engine results,” Jamf researchers wrote.
In most cases, the bad sites would prompt a user to download an unsolicited software package, and if the user were stupid enough to attempt to install it, they would instead end up with a whole bunch of malware on their computer.
When contacted by email, an Apple spokesperson said the company had taken immediate action to address the vulnerability.
“This issue does not bypass XProtect, Gatekeeper’s malware detection, but it does allow malware to bypass the notarization requirement and the display of the Gatekeeper dialog,” the spokesperson said. “After discovering this problem, we quickly deployed XProtect rules to block malware that we detected using this technique. These rules are automatically installed in the background and apply retroactively to older versions of macOS.”