Mac users, download macOS 11.3 now to fix major security flaw
2021-04-26 17:09:10 UTC
The latest version of Apple s macOS comes with more than just a slew of fancy new features.Â
Buried inside macOS 11.3, which was released Monday morning, is a patch that fixes a critical vulnerability that was actively being exploited. This means that, yes, hackers or criminals or governments around the world were using this previously unreported bug for their own malicious ends.Â
That s according to Patrick Wardle, creator of the Mac security website and tool suite
Objective-See. In a blog post timed to coincide with the release of macOS 11.3, Wardle explains just how serious the now-patched vulnerability is.
Mac users urged to update OS to fix massively bad bug
itnews.com.au - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from itnews.com.au Daily Mail and Mail on Sunday newspapers.
A software bug let malware bypass macOS’ security defenses
Old malware, new tricks
Apple has spent years reinforcing macOS with new security features to make it tougher for malware to break in. But a newly discovered vulnerability broke through most of macOS’ newer security protections with a double-click of a malicious app, a feat not meant to be allowed under Apple’s watch.
Worse, evidence shows a notorious family of Mac malware had been exploiting this vulnerability for months before it was subsequently patched by Apple this week.
Over the years, Macs have adapted to catch the most common types of malware by putting technical obstacles in their way. Indeed, macOS flags potentially malicious apps masquerading as documents that have been downloaded from the internet. And if macOS hasn’t reviewed the app a process Apple calls notarization or if it doesn’t recognize its developer, the app won’t be allowed to run without user intervention.
Credit: AppleInsider
TechCrunchreported Monday. Security researcher Cedric Owens first discovered the bug in March.
According to Owens, all the user would need to do is double click and no macOS prompts or warnings are generated. The researcher created a proof-of-concept app that exploited the flaw to launch the Calculator app.
Although Owens demonstration app was harmless, a malicious attacker could have leveraged the vulnerability to remotely access sensitive data or other information on a user s machine by tricking them into clicking a spoofed document.
Security researcher and Mac specialist Patrick Wardle also reported that the bug is being actively exploited in the wild as a zero-day vulnerability. He added that the flaw was caused by a logic issue in macOS s code.
A newly discovered bug, patched in macOS 11.3, allowed hackers to circumvent much of Apple’s built-in malware detection for programs downloaded from the internet. Here, Apple CEO Tim Cook announces the new Mac Pro as he delivers the keynote address during the 2019 Apple Worldwide Developer Conference (WWDC) in San Jose, California. (Photo by Justin Sullivan/Getty Images)
Apple patched what noted Mac security researcher Patrick Wardle described to SC Media as “the worst macOS bug in recent memory.” An adware group had already been using the bug in the wild.
The bug, patched in macOS 11.3, allowed hackers to circumvent much of Apple’s built-in malware detection for programs downloaded from the internet. MacOS knows to apply additional scrutiny to downloads by activating the “com.apple.quarantine” attribute. When all goes well, programs with that attribute trigger Apple’s suite of system warnings and outright blocking of suspicious applications â File Quarantine, G
vimarsana © 2020. All Rights Reserved.