Apple Mac users are being urged to update to macOS Big Sur 11.3, released today, which patches a “massively bad” vulnerability that could allow malware to bypass layered protections built into the operating system.
The bug was uncovered by security researcher Cedric Owens, who reported it to Apple.
In a long technical blog post, fellow security researcher Patrick Wardle said the bug “trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk” and that “malware authors are already exploiting it in the wild as an 0day”.
The bug was given the common vulnerabilities and exposures (CVE) reference CVE-2021-30657 in Apple security notes, where it is described as a “logic issue” that could allow “a malicious application [to] bypass Gatekeeper checks”.
Gatekeeper was introduced in OS X Lion (10.7) as an added layer of protection when users downloaded executables from the internet. It is one of three such protections built into macOS, all of which are intended to alert users about files downloaded from the internet, and to prevent malware writers from tricking users into infecting their machines.
“Since 2007, Apple has sought to protect users from inadvertently infecting themselves if they are tricked into running such malicious code. This is a good thing as sure, users may be naive, but anybody can make mistakes,” Wardle wrote.
However, Wardle noted, the bug discovered by Owens allowed an attacker “to trivially and reliably bypass all of these foundational mitigations”, without generating any system prompts that would warn the user something was amiss. A proof-of-concept showed an app could be disguised as a document and “allowed to launch with no prompts nor alerts”.
“Unfortunately due to subtle logic flaw in macOS, such security mechanisms were proven fully and 100 percent moot, and as such we’re basically back to square one.
“We started with an unsigned, unnotarised, script-based proof-of-concept application that could trivially and reliably sidestep all of macOS’s relevant security mechanisms (File Quarantine, Gatekeeper, and Notarization requirements) …even on a fully patched M1 macOS system.
“Armed with such a capability macOS malware authors could (and are) returning to their proven methods of targeting and infecting macOS users.”
Mac security firm Jamf said in a separate blog post that it had located Shlayer malware already exploiting the bug.
“To make the situation more urgent, the Jamf Protect detections team observed this exploit being used in the wild by a variant of the Shlayer adware dropper,” it said.