
The ‘Worst Hack In Years’ Hits Apple Computers

Apple Mac users are being urged to update their macOS software now, as they’re at “grave risk” of hackers exploiting what’s been described as one of the worst vulnerabilities to affect the tech giant’s computers in years. Malware that takes advantage of the bug has been hitting Macs since at least January, making patching all the more urgent.

The hacks effectively take Mac security back a decade, according to Patrick Wardle, a former NSA analyst and a macOS security expert, who described it as one of the worst security issues to have ever hit the Apple operating system. Malicious hackers can and have created malware that, though unsigned, is misclassified by Apple’s operating system, thanks to a logic error in macOS’ code. That means malware can skip all the checks done by Apple’s security mechanisms like Gatekeeper and File Quarantine, which are designed to stop any unapproved, dangerous apps from running.

There’s one caveat: The hackers have to convince a user to download or run an app that’s not in the App Store or allowed by Apple. But once that’s done, the malware won’t be stopped from installing by the Mac’s defensive tools, though macOS should still block changes to critical system files and ask the user whether the app may access photos, the microphone or other resources. For anyone still running an unpatched macOS, Wardle’s advice was simple: “Don’t open anything from anybody.”

It affects all recent versions of macOS, but Apple has released a patch that prevents the attacks. macOS Big Sur 11.3 is available now and contains other fixes besides addressing this bug.

An Apple spokesperson said the company has now addressed the issue in macOS 11.3 and updated XProtect, its malware detection, to block the malware using this technique. That XProtect update will happen automatically and retroactively apply to older versions of macOS.

The bug was first reported to Apple by security researcher Cedric Owens, who discovered it in mid-March. He found that certain scripts within apps were not checked by Gatekeeper. That came after he discovered Appify, a legitimate tool from 2011 that lets developers create simple macOS apps from just a script, and which had also managed to get past Gatekeeper checks. When Owens copied those techniques and tested his mock malware, he did it on an up-to-date macOS with the Gatekeeper settings set to the most restrictive. When he clicked on the download, it ran without any of the popups that should’ve warned he was about to run unapproved software. That gave him remote control over the test Mac.
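As an added defender-side example (not from the article, Apple or the researchers named above), the Python below triages a downloaded .app bundle the way an analyst might while reviewing quarantined downloads: it flags a bundle whose main executable is a script rather than a Mach-O binary, or that carries no code signature or Info.plist, which is the kind of Appify-style layout the article says was not checked by Gatekeeper. The bundle layout checks and the sample bundles are constructed for illustration; this is a review heuristic, not a reproduction of the patched logic error.

```python
import plistlib
import tempfile
from pathlib import Path
# Mach-O magic numbers: thin 32-/64-bit in both byte orders, plus fat/universal.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca"}

def main_executable(bundle):
    # Prefer Contents/MacOS/<CFBundleExecutable>; without Info.plist fall back to
    # the first regular file in Contents/MacOS (a script-only app has only that).
    contents = bundle / "Contents"
    plist = contents / "Info.plist"
    if plist.is_file():
        with plist.open("rb") as fh:
            name = plistlib.load(fh).get("CFBundleExecutable")
        if name:
            return contents / "MacOS" / name
    files = sorted(p for p in (contents / "MacOS").glob("*") if p.is_file())
    return files[0] if files else None

def triage_bundle(bundle):
    # Flag for review when the main executable is not Mach-O (e.g. a shell
    # script) or when the bundle lacks a _CodeSignature directory or Info.plist.
    exe = main_executable(bundle)
    f = {"has_info_plist": (bundle / "Contents" / "Info.plist").is_file(),
         "has_signature": (bundle / "Contents" / "_CodeSignature").is_dir(),
         "executable_kind": "missing"}
    if exe is not None and exe.is_file():
        head = exe.read_bytes()[:4]
        f["executable_kind"] = ("mach-o" if head in MACHO_MAGICS else
                                "script" if head.startswith(b"#!") else "unknown")
    f["review"] = (f["executable_kind"] != "mach-o" or not f["has_signature"]
                   or not f["has_info_plist"])
    return f

def build_sample(root, name, script, signed, plist):
    # Construct a toy bundle on disk: constructed test data, not a real app.
    macos = root / f"{name}.app" / "Contents" / "MacOS"
    macos.mkdir(parents=True)
    (macos / name).write_bytes(b"#!/bin/sh\necho hi\n" if script else b"\xcf\xfa\xed\xfe" + b"\0" * 28)
    if plist:
        with (macos.parent / "Info.plist").open("wb") as fh:
            plistlib.dump({"CFBundleExecutable": name}, fh)
    if signed:
        (macos.parent / "_CodeSignature").mkdir()
    return macos.parent.parent

def demo():
    # One unsigned script-only bundle (flagged) and one signed Mach-O bundle (clean).
    root = Path(tempfile.mkdtemp())
    return {"ScriptApp": triage_bundle(build_sample(root, "ScriptApp", True, False, False)),
            "SignedApp": triage_bundle(build_sample(root, "SignedApp", False, True, True))}
```

On a real Mac the same findings would be confirmed with Apple's own tooling (codesign and spctl assessments) rather than trusted on their own; the checks here only decide which downloads deserve that closer look.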

Shlayer attacks

But by the time Owens had informed Apple, malicious hackers had already started exploiting the issue, according to Jaron Bradley, a Mac expert at cybersecurity company Jamf, which published research into the attacks on Monday. He said that as early as January 9, 2021, hackers running a known macOS malware called Shlayer had discovered and started using the zero-day vulnerability (one that hadn’t been patched at the time of exploitation). The malware’s ultimate goal is to install adware on Macs, earning money for the fraudsters per faked click and view on advertisements. Often, Shlayer is installed on victims’ Macs via fake app installers or updaters. “Shlayer continues to be one of the most active and prevalent malware families for macOS,” added Bradley.

It’s unclear who else found out about the bug and why they started hacking Macs. It’s also unknown just how many users have been hit.

Though not a cybercrime target on the same level as Microsoft’s Windows platform, Macs do come under attack. In one recent hack, where a mysterious malware known as Silver Sparrow targeted the new M1 Macs, as many as 30,000 Apple PCs were breached.
