Update your Macs! Malware attacks can exploit critical flaws in Apple’s built-in defences

Patch now.


Apple has released a brand new update for its macOS Big Sur operating system, and you really should install it.

Amongst other fixes, Big Sur 11.3 patches a zero-day vulnerability that could allow an attacker to craft malicious payloads that will not be checked by Gatekeeper, the security check built into Apple’s operating system that is supposed to block the execution of software from untrusted sources.

Researcher Cedric Owens says that all recent versions of macOS prior to Big Sur 11.3 are vulnerable to an attack that could easily be launched against unsuspecting users:

“[The] bug that I uncovered in macOS Catalina 10.15 (specifically tested on 10.15.7) and in macOS Big Sur before Big Sur 11.3 allows an attacker to very easily craft a macOS payload that is not checked by Gatekeeper. This payload can be used in phishing and all the victim has to do is double click to open the .dmg and double-click the fake app inside of the .dmg — no pop ups or warnings from macOS are generated.”

Security researchers at Jamf report that the zero-day has already been exploited in in-the-wild attacks by a version of the Shlayer adware dropper, with samples dating back as far as January 9, 2021.


Separately, a different vulnerability in macOS Gatekeeper has been discovered that could also allow malicious apps to bypass security checks – when wrapped in a ZIP file.

The vulnerability, tracked as CVE-2021-1810, was found by the boffins at F-Secure in December 2020, and could be exploited by any software stored within a specially-crafted ZIP file.


Apple patched the flaw found by F-Secure’s experts in updates issued this week: macOS Big Sur 11.3 and Security Update 2021-002 for macOS Catalina.


The vulnerability discovered by Cedric Owens was also patched at the same time.

Although no evidence has been seen of malicious attacks exploiting the CVE-2021-1810 flaw, it obviously makes good sense to protect against both vulnerabilities by updating the operating system on your Macs and MacBooks at the earliest opportunity.

F-Secure says that it is not releasing full details of the vulnerability it uncovered at the moment, as it waits for more users to update their vulnerable devices.

In addition, the firm notes that applications downloaded from Apple’s App Store are not affected by this issue.
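If you manage more than a handful of Macs, "update at the earliest opportunity" is easier to act on with a script that tells you which machines are still exposed. The shell script below is an added example written for this article; it is not code from Apple, Jamf, F-Secure or Cedric Owens. It encodes only the version thresholds the article gives: Big Sur is fixed from 11.3 onwards, and Catalina's fix arrived as Security Update 2021-002, which does not bump the version `sw_vers` reports, so for Catalina the script looks for that update's name in the output of `softwareupdate --history` (assumed to list installed updates by name; only the update named in the article is checked). Anything older than Catalina is reported as unknown, since the article says nothing about it. The live checks call `sw_vers`, `softwareupdate`, `spctl` and `xattr`, which exist on macOS, and are skipped on other systems; the history string used as sample input is constructed.

```shell
#!/bin/sh
# Added example: classify a macOS version against the Gatekeeper-bypass fixes
# (Big Sur 11.3, Security Update 2021-002 for Catalina) and, on a real Mac,
# report the local machine's status. Not code from the article or its sources.

# vercmp A B: compare dotted version strings numerically, component by component.
# Prints -1 if A < B, 0 if equal, 1 if A > B. Missing components count as 0.
vercmp() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; a="${a#*.}"
        y="${b%%.*}"; b="${b#*.}"
        x="${x:-0}"; y="${y:-0}"
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# gatekeeper_bypass_status VERSION [UPDATE_HISTORY]
# Prints "patched", "vulnerable" or "unknown".
#   10.15.x : patched only if Security Update 2021-002 appears in the history,
#             because that update does not change the reported productVersion
#             (assumption: softwareupdate --history lists it by that name).
#   10.x    : older than Catalina; the article does not cover it -> unknown.
#   11.x+   : patched from 11.3 onwards.
gatekeeper_bypass_status() {
    ver="$1"; history="${2:-}"
    case "$ver" in
        10.15|10.15.*)
            case "$history" in
                *"Security Update 2021-002"*) echo patched ;;
                *) echo vulnerable ;;
            esac ;;
        10.*) echo unknown ;;
        *)
            if [ "$(vercmp "$ver" 11.3)" -ge 0 ]; then
                echo patched
            else
                echo vulnerable
            fi ;;
    esac
}

# assess_download PATH: on macOS, show whether a downloaded item still carries the
# com.apple.quarantine attribute (what triggers Gatekeeper on first launch) and
# what Gatekeeper's assessment of it is. Requires xattr and spctl.
assess_download() {
    [ "$(uname -s)" = Darwin ] || { echo "not macOS; skipping assessment of $1"; return 0; }
    echo "quarantine attribute on $1:"
    xattr -p com.apple.quarantine "$1" 2>/dev/null || echo "  (none: Gatekeeper will not assess it on launch)"
    echo "Gatekeeper assessment:"
    spctl -a -t exec -vv "$1" 2>&1 || true
}

# check_this_mac: report the local machine's patch status and Gatekeeper state.
check_this_mac() {
    [ "$(uname -s)" = Darwin ] || { echo "not macOS; skipping live check"; return 0; }
    ver=$(sw_vers -productVersion)
    hist=$(softwareupdate --history 2>/dev/null)
    echo "macOS $ver: $(gatekeeper_bypass_status "$ver" "$hist")"
    spctl --status 2>&1 || true
}

check_this_mac
```

Run it as `sh check_gatekeeper_fix.sh` on each Mac, or paste `gatekeeper_bypass_status` into your fleet tooling and feed it the version strings your inventory already collects. The Catalina branch is the one to watch: a 10.15.7 machine looks fully up to date by version number alone, and only the installed-updates history tells you whether it has the fix.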

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
