Last Monday, Apple released macOS Big Sur 11.3 update, containing, in addition to a number of innovations, a patch that eliminated a serious vulnerability in the operating system that allowed hackers to bypass most of the security mechanisms of the software platform.
According to the security researchers who discovered and analyzed the vulnerability, hackers have previously used it to hack into Mac computers.
Using the bug, the hackers created malicious programs that allowed them to gain control over the user’s computer, bypassing Apple’s protections on macOS, such as Gatekeeper, File Quarantine, and application notarization requirements. These mechanisms should, in theory, block files downloaded from the Internet from accessing users’ files unless they are signed by well-known developers and verified by Apple for malicious software.
The vulnerability was discovered by security researcher Cedric Owens, which he reported to Apple on March 25.
Patrick Wardle, an independent macOS researcher, in an interview with Motherboard, called this vulnerability the most serious bug for ordinary users. According to the researcher, despite the fact that the potential victim double-clicked on the malicious file, macOS did not display any warnings, prompts, and did not block the launch of the application.
Jaron Bradley, head of cybersecurity company Jamf Protect, which deals with cybersecurity at Apple, said that at least one group of hackers used the bug to infect victims’ computers for several months.
The malware he discovered with Wardle is an updated version of Shlayer designed to install adware. According to Bradley, the first version of Shlayer to use this bug was dated January 9, 2021.
According to an Apple spokesman, the company has implemented new rules to detect malware that exploits this bug in its XProtect antivirus application. These rules are automatically installed in the background, so all macOS devices, regardless of version, are now protected.
Earlier this year, computer security company Red Canary discovered malware called Silver Sparrow, which another company identified on about 30,000 computers. Also this year, Wardle discovered another Mac malware designed specifically for Apple’s M1 processors.
