“All the user would need to do is double click - and no macOS prompts or warnings are generated,” he told TechCrunch. Owens told TechCrunch that the bug allowed him to build a potentially malicious app to look like a harmless document, which when opened bypasses macOS’ built-in defenses when opened. And if macOS hasn’t reviewed the app - a process Apple calls notarization - or if it doesn’t recognize its developer, the app won’t be allowed to run without user intervention.īut security researcher Cedric Owens said the bug he found in mid-March bypasses those checks and allows a malicious app to run.
Indeed, macOS flags potentially malicious apps masquerading as documents that have been downloaded from the internet.
Over the years, Macs have adapted to catch the most common types of malware by putting technical obstacles in their way. Worse, evidence shows a notorious family of Mac malware had been exploiting this vulnerability for months before it was subsequently patched by Apple this week. Apple has spent years reinforcing macOS with new security features to make it tougher for malware to break in. But a newly discovered vulnerability broke through most of macOS’ newer security protections with a double-click of a malicious app, a feat not meant to be allowed under Apple’s watch.
0 kommentar(er)
