Skip to main content

Hackers Used ‘Mind-Blowing’ Bug to Sneak Past macOS Safeguards

posted onApril 27, 2021
by l33tdawg
Wired
Credit: Wired

With macOS malware on the rise, Apple has been busy in recent years adding layers of protections that make it a lot more difficult for malicious software to run on Macs. But a vulnerability in the operating system, publicly disclosed and patched today, was exploited to bypass all of them.

Security researcher Cedric Owens discovered the bug in mid-March while looking for ways around macOS defenses. Apple's Gatekeeper mechanism requires developers to register with Apple and pay a fee so their software will be able to run on Macs. And the company's software notarization process mandates that all applications go through an automated vetting process. The logic flaw Owens found lay not in those systems but rather in macOS itself. Attackers could craft their malware strategically to trick the operating system into letting it run even if it failed all the safety checks along the way.

“With all of the security improvements Apple has made in the past few years I was pretty surprised that this simple technique worked," Owens says, “So I immediately reported this to Apple given the potential for real world attackers to use this technique to bypass Gatekeeper. There are multiple use cases for how this bug could be abused.”

Source

Tags

Security Apple

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th