The threats to Apple computers have gone mainstream in recent years and threat actors are doing everything in their power to exploit publicly disclosed vulnerabilities.
The scoop
A dangerously bad zero-day vulnerability in macOS was being abused by the Shlayer malware to bypass Apple’s Gatekeeper, Notarization, and File Quarantine security checks, as well as download second-stage malicious payloads. The logic flaw—spotted by security researcher Cedric Owens—lied in the operating system itself instead of the security systems.
Why does it matter?
- The malware was strategically designed by attackers to trick macOS into allowing it to run even if it didn’t pass the safety checks.
- The researcher classified this as the most dangerous macOS phishing payload as the victim only has to extract the seemingly benign .dmg or .zip file and double click the payload.
- Into the bargain, this vulnerability has the potential to misclassify specific apps. This, in turn, can lead the policy engine to bypass essential security logic.
Other threats to macOS
- A security flaw in the official Homebrew Cask repository was recently identified and patched that could have been exploited to execute arbitrary code on target machines with Homebrew installed.
- A new malicious package, web-browserify, was discovered in the npm registry. This flaw targeted NodeJS developers by leveraging macOS.
- Threat actors were found propagating macOS malware—XcodeSpy—to infect Apple Xcode.
The bottom line
The zero-day has been fixed by Apple in its macOS Big Sur 11.3 so users are urged to update their OS to the latest version so that Gatekeeper can block this payload properly. Shlayer operators are infamous for seeking out workarounds to achieve their goals. Thus, it is up to users to prevent themselves from the noose of this malware.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_137499599.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_311303981.jpg)
