Apple patches a macOS vulnerability exploited by a malicious app posing as a document

MADRID, April 27 (2021) –

Apple has distributed a This week’s security patch for your macOS desktop operating system that solves a vulnerability that bypasses the protection mechanisms of the system by using a Malicious application posing as a document.

A family of macOS ‘malware’ has been profiting from this security flaw for months, before Apple patched it this week, as reported by cybersecurity researcher Cedric Owens, who discovered it in March, and as reported by TechCrunch.

As part of the error, cybercriminals can pass the ‘malware’ off as a file very similar to a harmless documentAlthough it is actually a malicious application that infects the device if the user double-clicks on it.

This technique bypasses macOS Gatekeeper, Notarization, and File Quarantine protection mechanisms, since when using it the operating system does not issue any security alerts, as Owens has verified through a demonstration of the error with a file that opens the System Calculator application.

After receiving the warning from Owens and to avoid possible attacks, Apple released a security patch for macOS 11.3 and earlier versions this week, as the American company has confirmed to TechCrunch.

As reported by cybersecurity researcher Patrick Wardle, who has also analyzed the problem, this is due to a logical error in system code that causes certain applications to be classified incorrectly and the correct security measures are not applied.

Altering this operation was possible because the operating system carried out this process through a list file that could be modified and that it reported where the data of each application was stored.

The cybersecurity company Jamf has claimed that the vulnerability has been exploited by cybercriminals and has discovered that the Mac Shlayer malware family already used it in an attack in January.

The new type of threat is a variant of the Shlayer ‘malware’, which has been around since 2018, and has been modified to infect users of the operating system of Apple computers in new ways.

Jamf has explained that this ‘exploit’ allows unapproved ‘software’ to work on Mac computers and has highlighted that, as a distribution technique, they are using Compromised websites and corrupt search engine results.

Add Comment