The update just released to macOS 11.3 resolves a security vulnerability that would reportedly allow a hacker to remotely access a user's sensitive data.
They have developed malware that, while unsigned, is misclassified by Apple's operating system, thanks to a logical error in the macOS code. This means that the malware can bypass all checks performed by Apple's operating system security mechanisms, such as Gatekeeper and Quarantine, which are designed to prevent malicious applications from running without approval.
There is a caveat: In order to perform this attack, hackers must persuade the user to download or run an application that is not in the App Store or that Apple does not allow you to install. But once that's done, the Mac's defensive tools won't be able to prevent the malware from being installed, although macOS should stop any changes to critical system files and ask the user if the app can access photos, microphone, or other systems.
As always, regardless of the severity of this security flaw, the advice is "Do not open anything from unknown sites or download files from unknown websites".
"All the user has to do is double-click the file and the system will not generate macOS warnings or alerts," says security researcher Cedric Owens, who discovered the vulnerability in mid-March. Owens has developed a test app disguised as a harmless document that exploits the bug to launch the Calculator app, but said the vulnerability could be exploited for more obscure purposes.
According to security researcher Patrick Wardle, the vulnerability is the result of a logical error in the underlying macOS code.
"Put simply, macOS applications are not a single file, but a collection of different files that the application needs to function, including a properties list file that tells the application where the files it depends on are located," explains TechCrunch. "But Owens found that extracting this properties file and creating the package with a particular structure could cause macOS to open the package and run the internal code without generating any warning."
In addition to fixing the bug in macOS 11.3, Apple confirmed to TechCrunch that it has corrected previous versions of macOS to prevent abuse and that it has updated XProtect, the anti-malware system built into macOS, to prevent malware from exploiting the vulnerability.
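For defenders, the bundle shape TechCrunch describes (an application package without its properties list) can be looked for on disk. The following is an added example, not code from Apple, Owens or Wardle: it assumes the "particular structure" can be approximated as a `.app` directory that has files in `Contents/MacOS` but no `Contents/Info.plist`, and the function names and sample bundles are constructed for illustration.

```python
import os
import tempfile

def audit_bundle(app_path):
    """Return findings for one .app directory; an empty list means nothing odd."""
    contents = os.path.join(app_path, "Contents")
    macos_dir = os.path.join(contents, "MacOS")
    has_plist = os.path.isfile(os.path.join(contents, "Info.plist"))
    executables = []
    if os.path.isdir(macos_dir):
        executables = sorted(n for n in os.listdir(macos_dir)
                             if os.path.isfile(os.path.join(macos_dir, n)))
    findings = []
    # Assumption: code to run plus a missing property list is the anomaly.
    if executables and not has_plist:
        findings.append("Contents/MacOS holds %s but Contents/Info.plist is missing"
                        % ", ".join(executables))
    return findings

def scan(root):
    """Walk root and return {bundle_path: findings} for every flagged .app directory."""
    flagged = {}
    for dirpath, dirnames, _ in os.walk(root):
        for name in sorted(dirnames):
            if name.lower().endswith(".app"):
                path = os.path.join(dirpath, name)
                findings = audit_bundle(path)
                if findings:
                    flagged[path] = findings
    return flagged

def build_sample_tree(root):
    """Constructed sample data: one normal bundle, one without a property list."""
    for app, with_plist in (("Normal.app", True), ("Document.app", False)):
        macos_dir = os.path.join(root, app, "Contents", "MacOS")
        os.makedirs(macos_dir)
        with open(os.path.join(macos_dir, app[:-4]), "w") as fh:
            fh.write("placeholder\n")  # stands in for the bundle's executable
        if with_plist:
            with open(os.path.join(root, app, "Contents", "Info.plist"), "w") as fh:
                fh.write('<plist version="1.0"><dict/></plist>\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, findings in scan(tmp).items():
            print(os.path.basename(path), "->", "; ".join(findings))
```

Pointing `scan()` at a downloads folder gives a quick triage list; a hit is a reason to inspect the bundle, not proof that it is malicious.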