
Unpatched Apple macOS Vulnerability Lets Malicious Apps Run – What You Need To Know





AppleInsider reports that a vulnerability first revealed to Apple three months ago remains unpatched, and now the security researcher who found it has gone public. Filippo Cavallarin has published details of how the vulnerability enables users to be tricked into running malicious applications, bypassing the Gatekeeper function in the process.

Gatekeeper is the Apple mechanism that has, since 2012, been enforcing the code signing and verification of application downloads. If a user were to download an app outside of the Mac App Store then Gatekeeper would kick in and prevent it from running without the express consent of the user. In theory anyway.

Cavallarin says that, on macOS X version 10.14.5 (Mojave) and below, it is possible to "easily bypass gatekeeper in order to execute untrusted code without any warning or user's explicit permission." According to Cavallarin, he contacted Apple February 22 and the vendor is aware of the issue. It was, he says, "supposed to be addressed, according to the vendor, on May 15, but Apple started dropping my emails." As a 90 day disclosure deadline, which he says Apple is aware of, has now passed, Cavallarin has made details of the vulnerability public.

How can the vulnerability be exploited?

The vulnerability itself is a design issue that revolves around the fact that Gatekeeper treats external drives and network shares as being "safe locations", allowing apps they contain to run. By combining this fact with the automount feature, which mounts a network share using a "special" path, and the fact that zip archives can contain symbolic links that point to automount endpoints and are decompressed without any check on these symbolic links, the vulnerability can be exploited. Cavallarin describes the attack as crafting a zip file with a symbolic link to an endpoint under the attacker's control and sending it to the victim, who downloads and extracts it and then follows that symbolic link. "Now the victim is in a location controlled by the attacker but trusted by Gatekeeper, so any attacker-controlled executable can run without any warning," Cavallarin states.

What is the risk level?

Given that macOS X version 10.14.5 was only released a couple of weeks ago, there are going to be plenty of people who are yet to update their systems or are running much older versions of macOS and so are at risk. "As an attacker you need to trick the victim into downloading the malicious payload first," ethical hacker John Opdenakker told me, "It's a good reminder though that you always keep your OS patched."

Is there a fix?

As previously stated, this vulnerability has yet to be patched by Apple and so there is no fix for the average user out there. Cavallarin suggests a possible workaround of disabling automount, but it is not for non-technical Apple Mac users. Apple, meanwhile, has yet to respond to my request for advice to users. If that changes, I will be sure to update this story accordingly. Security researcher and Open Web Application Security Project (OWASP) Scotland chapter leader Sean Wright told me in conversation that he's calling out companies that fail to act appropriately. "In many cases companies acknowledge the issue and agree it needs to be fixed, but unfortunately this doesn't seem to happen, or it does without any appropriate communication with the reporter of the issue," Wright said, "with the recent Windows 0days, and now this, attackers have great tools for their arsenal." Wright concludes by agreeing with Opdenakker that it relies on the user doing something, so users should remain "vigilant and only download and install software from trusted sources …"

