Researcher have Discovered a Malware Vulnerability in MacOS

MacOS Vulnerability
Image Source – idownloadblog

Filippo Cavallarin have discovered a security hole in the MacOS.This was stated on his website, according to him, “it is possible to easily bypass Gatekeeper in order to execute untrusted code without any warning or user’s explicit permission”.

What is a GateKeeper?

A GateKeeper is a mechanism developed by Apple and included in MacOS X since 2012 that enforces code signing and verifies downloaded applications before allowing them to run.
For example, if a user donwloads an application from internet and executes it, Gatekeeper will prevent it from running without users consent.

How Does the Malware Work?

If you are opening applications on Mac,you should watch out for potential vulnerabilities as malware can bypass the MacOs GateKeeper protections to run malicious codes.

While the vulnerability would still require someone to open a zip file and trust the files it contains in order to work, it does seem to be a valid way of getting around the protections that Gatekeeper puts in place.

“This issue was supposed to be addressed, according to the vendor, on May 15th 2019 but Apple started dropping my emails,” says Cavallarin. “Since Apple is aware of my 90 days disclosure deadline, I make this information public.”

This is a reminder to treat all incoming files with suspicion, whatever operating system you’re running – especially if they have the ability to run code on your computer.

Filippo also published a video to illustrate the concept.

Solution

According to Fillipo, there is no solution available yet.

A possible workaround is to disable automount:

  1. Edit /etc/auto_master as root
  2. Comment the line beginning with ‘/net’
  3. Reboot
Total
0
Shares
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Prev
Snapchat Employees Spied on Users By Using Internal Company Tools
Snapchat employees spying on users

Snapchat Employees Spied on Users By Using Internal Company Tools

Snapchat is a multimedia messaging app used globally

Next
Cybersecurity Jobs – You can create your own Cybersecurity Role
Cybersecurity Jobs

Cybersecurity Jobs – You can create your own Cybersecurity Role

With the increase in the interest for cyber security and the cyber security

You May Also Like
0
Would love your thoughts, please comment.x
()
x