Owens informed Apple, which fixed the bug in beta versions of the new Big Sur OS this week. That gave him remote control over the test Mac. When he clicked on the download, it ran without any of the popups that should’ve warned he was about to run unapproved software. When Owens copied those techniques and tested his mock malware, he did it on an up-to-date macOS with the Gatekeeper settings set to the most restrictive. That came after he discovered Appify, a legitimate tool that had also managed to get past Gatekeeper checks back in 2011 with a tool allowing developers to create simple macOS apps with just a script. He found that certain scripts within apps were not checked by Gatekeeper. The bug was first reported to Apple by security researcher Cedric Owens, who discovered it in mid-March. That XProtect update will happen automatically and retroactively apply to older versions of macOS. An Apple spokesperson said the company has now addressed the issue in macOS 11.3 and updated XProtect, its malware detection, to block the malware using this technique.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |