Is macOS malware on the rise? In recent years Apple has kept adding protections to its operating system to shield users from malicious Mac software. Even so, cyber attackers still exploited an Apple vulnerability.
Apple Bug Spotted
Cedric Owens, a security researcher, discovered the bug in mid-March while looking for ways around the macOS defenses. Apple's Gatekeeper mechanism requires developers to register with Apple and pay in order for their software to run on Macs. The software notarization process reportedly requires that applications go through an automated vetting process.
According to the story by Wired, the logic flaw that Owens found was not in those systems but in macOS itself. Attackers could reportedly craft their malware so as to trick the OS into running it even though it failed the safety checks along the way.
Apple Vulnerability Masks from macOS
The flaw is likened to a cat door at the bottom of a door, through which someone could simply toss a bomb: Apple assumed that applications would have a few specific attributes. Owens reportedly discovered that he could create an application that was essentially only a script, that is, code that tells another program what to do instead of doing it itself.
The application did not include the standard application metadata file known as info.plist, and it could then run silently on any Mac. Owens reported the bug to Apple, according to an article by TechCrunch, and also shared his findings with longtime macOS security researcher Patrick Wardle, who then conducted a much deeper analysis of why macOS had dropped the ball.
Downloading Apps Outside Mac App Store
It was noted that macOS first checks whether the app has been notarized, which in this case it has not. It then checks whether the software is technically an application bundle. When macOS sees no info.plist file, it wrongly determines that the software is not an application.
It then ignores any other evidence to the contrary and lets the software run without showing the user any warning. After working out how the bug worked, Wardle reached out to Jamf, an Apple-focused device management firm, to see whether the company's own Protect antivirus product had flagged any script-based malware that fit these criteria.
Jamf reportedly flagged a version of the Shlayer adware that was actively exploiting the bug. The Gatekeeper feature in macOS, launched in 2012, prompts users with a big warning asking whether they are really sure they want to run applications downloaded from outside the official Mac App Store.
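Defenders can check their own systems for the bundle shape described above: an application with no info.plist whose executable is a script. The following Python code is an added example, not code from Apple, Jamf or the researchers; the function names and the sample bundles it builds are constructed for illustration, and it assumes the standard bundle layout with executables under Contents/MacOS and the plist stored as Contents/Info.plist.

```python
"""Added example: flag .app bundles with no Info.plist and a script executable."""
import os
import tempfile
from pathlib import Path

def is_script(path):
    """True if the file begins with a '#!' interpreter line."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False

def inspect_bundle(app):
    """Report the two attributes the article ties to the bypass."""
    contents, macos = app / "Contents", app / "Contents" / "MacOS"
    # Match the plist name case-insensitively, as default macOS volumes do.
    has_plist = contents.is_dir() and any(
        p.name.lower() == "info.plist" for p in contents.iterdir())
    execs = sorted(macos.iterdir()) if macos.is_dir() else []
    scripts = [p.name for p in execs if p.is_file() and is_script(p)]
    return {"bundle": app.name, "has_info_plist": has_plist,
            "script_executables": scripts,
            "suspicious": not has_plist and bool(scripts)}

def scan(root):
    """Inspect every *.app directory under root without descending into it."""
    results = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in [d for d in dirnames if d.endswith(".app")]:
            results.append(inspect_bundle(Path(dirpath) / d))
            dirnames.remove(d)
    return sorted(results, key=lambda r: r["bundle"])

def build_samples(root):
    """Create constructed sample bundles (harmless placeholders) under root."""
    script, native = b"#!/bin/sh\necho sample\n", b"\xcf\xfa\xed\xfe constructed"
    for name, plist, body in [("NoPlist.app", False, script),
                              ("Native.app", True, native),
                              ("Scripted.app", True, script)]:
        macos = Path(root) / name / "Contents" / "MacOS"
        macos.mkdir(parents=True)
        (macos / "main").write_bytes(body)
        if plist:
            (macos.parent / "Info.plist").write_text("<plist/>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        print(*scan(tmp), sep="\n")
```

A script-based bundle that does ship a plist is reported but not flagged, because the page ties the flaw to the missing file rather than to scripts as such.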
This article is owned by Tech Times
Written by Urian B.