He tested it himself and confirmed the latest version is secure from his attack.īut by the time Owens had informed Apple, malicious hackers had already started exploiting the issue, according to Jaron Bradley, a Mac expert at cybersecurity company Jamf, which published research into the attacks on Monday.
Owens informed Apple, which fixed the bug in beta versions of the new Big Sur OS this week. That gave him remote control over the test Mac. When he clicked on the download, it ran without any of the popups that should’ve warned he was about to run unapproved software. When Owens copied those techniques and tested his mock malware, he did it on an up-to-date macOS with the Gatekeeper settings set to the most restrictive. That came after he discovered Appify, a legitimate tool that had also managed to get past Gatekeeper checks back in 2011 with a tool allowing developers to create simple macOS apps with just a script. He found that certain scripts within apps were not checked by Gatekeeper. The bug was first reported to Apple by security researcher Cedric Owens, who discovered it in mid-March.
MACOS YEARS USED RUNONLY TO AVOID UPDATE
That XProtect update will happen automatically and retroactively apply to older versions of macOS. An Apple spokesperson said the company has now addressed the issue in macOS 11.3 and updated XProtect, its malware detection, to block the malware using this technique.
0 kommentar(er)
