Attackers have exploited a previously unknown flaw to compromise an undetermined number of Apple computers, according to two security researchers, Patrick Wardle and Cedric Owens, speaking to Motherboard. They describe the bug as one of the most dangerous ever found in the macOS operating system.
A patch released
The bug was reported to Apple, which incorporated a fix in macOS Big Sur 11.3. It also patched earlier versions of macOS and updated XProtect, Apple’s built-in anti-malware engine, to prevent malware from exploiting this flaw.
For Patrick Wardle, a former National Security Agency (NSA) analyst, it is very surprising that the American company never discovered this vulnerability itself. Indeed, it “undermines much of Apple’s security efforts”, he told Forbes.
Bypassing security barriers
In practice, this vulnerability allowed attackers to take control of a victim’s computer by bypassing Apple’s macOS protections such as Gatekeeper and File Quarantine, as well as the application notarization requirements. In theory, these mechanisms prevent files downloaded from the Internet from accessing user files unless they are signed by developers identified and verified by Apple.
In other words, attackers only had to convince the user to download or run an app that was not from the App Store or authorized by Apple. Once that step was done, the malware installed without a hitch, since no security barrier was in effect.
The bug was first discovered by Cedric Owens in mid-March. He found that some scripts inside apps were not verified by Gatekeeper, Apple’s proprietary technology that ensures only trusted software runs on Macs. He was thus able to take control of a remote test Mac using a mock piece of malware.
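The article says the unverified component was a script inside an app bundle. As an added, defender-side example that is not from the article, Apple or the researchers, the POSIX shell script below triages downloaded .app bundles and flags any whose main executable is an interpreter script rather than a compiled Mach-O binary (function names and the bundle layout it inspects are assumptions; the Mach-O magic values are the standard ones).

```shell
#!/bin/sh
# Added example: triage heuristic for downloaded .app bundles (not the page's code).
# Flags bundles whose Contents/MacOS executable starts with "#!" (a script) instead of
# a Mach-O header, the shape of app the article says Gatekeeper failed to verify.

# Return 0 if the file begins with a "#!" shebang, i.e. it is an interpreter script.
is_script() {
    [ -f "$1" ] && [ "$(head -c 2 "$1" 2>/dev/null)" = "#!" ]
}

# Return 0 if the file begins with a Mach-O magic number (32/64-bit, either byte
# order, or a fat/universal binary header).
is_macho() {
    magic=$(od -An -N4 -tx1 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        feedface|cefaedfe|feedfacf|cffaedfe|cafebabe|bebafeca) return 0 ;;
        *) return 1 ;;
    esac
}

# Inspect one bundle: print "<bundle>: <verdict>" and return 1 if it looks suspicious.
check_bundle() {
    app="$1"
    verdict="suspicious: no main executable found"
    for exe in "$app"/Contents/MacOS/*; do
        [ -f "$exe" ] || continue
        name=$(basename "$exe")
        if is_script "$exe"; then
            verdict="suspicious: main executable is a script ($name)"
        elif ! is_macho "$exe"; then
            verdict="suspicious: executable is not Mach-O ($name)"
        elif [ "$verdict" = "suspicious: no main executable found" ]; then
            verdict="ok"
        fi
    done
    echo "$app: $verdict"
    [ "$verdict" = "ok" ]
}

# Usage: sh check_bundle.sh ~/Downloads/Something.app [...]
for app in "$@"; do check_bundle "$app"; done
```

The heuristic is a triage aid for responders, not a replacement for Gatekeeper; a script-based bundle can be legitimate, so flagged items need manual review.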
A new version of the Shlayer adware
The researcher reported the discovery to Apple, which fixed the bug in the beta versions of macOS Big Sur 11.3. But attackers had already seized on the vulnerability, according to Jaron Bradley, a cybersecurity expert at Jamf. He said that as early as January 9, 2021, the operators of a macOS malware known as “Shlayer” started using this zero-day vulnerability. “Shlayer continues to be one of the most active and prevalent malware families for macOS,” the expert added.
Shlayer, discovered in early 2018, lets attackers distribute various adware and promote bogus search engines on the web. According to Kaspersky Lab, it affected one in ten Macintosh systems in January 2020.
Silver Sparrow hits 30,000 Macs
This is the second major flaw targeting macOS detected in recent months. At the end of last February, security researchers from Red Canary and Malwarebytes discovered new malicious software targeting the macOS operating system, called “Silver Sparrow”. It affected both systems equipped with an Intel processor (x86 architecture) and those with the new M1 processors designed by Apple (ARM64 architecture). Almost 30,000 Apple computers in 153 countries were affected.