813-999-0631 info@tetratos.com
Security researcher spots a macOS malware vulnerability that’s not yet patched

May 26, 2019

Watch out for this potential vulnerability if you’re opening up apps on a Mac: a security researcher has worked out a way that malware makers can bypass the macOS Gatekeeper protections to run malicious code.

Filippo Cavallarin details the security hole on his website and explains how it gets around Gatekeeper – the feature that prompts users to confirm they want to install applications from outside the Mac App Store.

The key is in the way macOS handles network shares and treats them as safe: the system could be tricked into opening a zip file archive that contains malicious code. In theory, would-be hackers get to run whatever code they like.

While the vulnerability would still require someone to open a zip file and trust the files it contains in order to work, it does seem to be a valid way of getting around the protections that Gatekeeper puts in place.

90-day deadline

Cavallarin says he told Apple about the issue 90 days ago and was assured it had been dealt with. However, the latest macOS 10.14.5 remains vulnerable, apparently.

“This issue was supposed to be addressed, according to the vendor, on May 15th, 2019 but Apple started dropping my emails,” says Cavallarin. “Since Apple is aware of my 90 days disclosure deadline, I make this information public.”

As yet Apple hasn’t responded to Cavallarin’s report, and so we don’t know when the vulnerability is going to get patched up (or if it works in exactly the way Cavallarin has claimed in his report).

It’s a reminder to treat all incoming files with suspicion, whatever operating system you’re running – especially if they have the ability to run code on your computer.

Related Articles

New Microsoft Excel Attack Surfaces

New Microsoft Excel Attack SurfacesResearchers have identified a security hole in Microsoft Office’s Excel spreadsheet program that allows an attacker to trigger a malware attack on remote systems. A feature in Microsoft Office’s Excel spreadsheet program called Power...

Malicious URL attacks using HTTPS surge across the enterprise

Malicious URL attacks using HTTPS surge across the enterpriseCyberattacks launched against the enterprise which makes use of the HTTPS protocol are increasing alongside spoofing and cloud-based threats, new research suggests. According to FireEye's Q1 2019 Email...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

Get weekly tech updates and immediate alerts when there is a zero-day or security issue!

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Pin It on Pinterest

Share This