Apple Fixes Bug That Lets Malicious Apps Skirt macOS Security Protections
The latest macOS security update fixes a bug, dubbed Achilles, that let malicious apps bypass Gatekeeper, one of the core security protections in macOS. The article also revisits an earlier Mac App Store incident, in which the Adware Doctor:Anti Malware &Ad app sent users' browser histories to a remote server in China.
Achilles vulnerability
Gatekeeper, the macOS mechanism that stops unsigned or unnotarized software from running without the user's consent, has been bypassed repeatedly over the years. The newly disclosed bypass again lets a malicious campaign run code that Gatekeeper should have blocked, which makes such a campaign considerably more effective.
The flaw, named Achilles (CVE-2022-42821), was found by Jonathan Bar Or, a principal security researcher at Microsoft, who reported it to Apple through coordinated vulnerability disclosure (CVD). Apple patched it in its December 2022 updates for macOS Ventura 13, Monterey 12.6.2 and Big Sur 11.7.2.
According to Microsoft's write-up, the bypass turns two ordinary macOS mechanisms against Gatekeeper: the com.apple.quarantine extended attribute, which the browser or Archive Utility sets on downloaded files so that Gatekeeper inspects them before they run, and file Access Control Lists (ACLs), which can be made restrictive enough to forbid writing that attribute.
An attacker delivers a specially crafted archive whose AppleDouble metadata carries a restrictive ACL for the payload. When the victim extracts the archive, the ACL is applied to the payload and denies writing extended attributes, so the quarantine attribute is never set, Gatekeeper never checks the file, and the rogue application launches without the usual prompt.
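As an added example (not part of the original article, and not Microsoft's published proof of concept), the following Python script implements the check a responder would want after this disclosure: it parses the output of macOS `ls -le@` (the `-e` flag prints ACL entries and `-@` prints extended attribute names under each file) and flags files that carry a deny entry for writing extended attributes yet have no com.apple.quarantine attribute. The sample listing is constructed, and the set of ACL rights treated as blocking quarantine tagging is an assumption.

```python
"""Flag files that a restrictive ACL shields from quarantine tagging.

Reads `ls -le@` output (macOS: -e prints ACL entries, -@ prints extended
attribute names) and reports files whose ACL denies writing extended
attributes while no com.apple.quarantine attribute is present. That is the
combination a restrictive-ACL Gatekeeper bypass leaves behind on disk.
"""
import re
import sys
from dataclasses import dataclass, field

QUARANTINE_XATTR = "com.apple.quarantine"

# Rights whose denial stops a process from tagging a file with quarantine
# metadata. Assumption: names as printed by macOS `ls -le`.
BLOCKING_RIGHTS = {"writeextattr", "writeattr", "writesecurity"}

# "-rwxr-xr-x+ 1 jane staff ..." : a file line starts with a mode string
MODE_RE = re.compile(r"^[-bcdlps][rwxsStT-]{9}[@+]?\s")
# " 0: group:everyone deny write,writeextattr"
ACE_RE = re.compile(r"^\s*\d+:\s*(\S+)\s+(allow|deny)\s+(\S+)\s*$")
# "\tcom.apple.quarantine\t   57"
XATTR_RE = re.compile(r"^\t(\S+)\s+\d+\s*$")


@dataclass
class Entry:
    path: str
    xattrs: set = field(default_factory=set)
    acl: list = field(default_factory=list)  # (principal, allow|deny, {rights})


def parse_ls_le_at(output: str) -> list:
    """Group each file line with the ACL and xattr lines ls prints under it."""
    entries = []
    for line in output.splitlines():
        if not line.strip():
            continue
        if MODE_RE.match(line):
            # mode, links, owner, group, size, month, day, time, name
            parts = line.split(None, 8)
            if len(parts) == 9:
                entries.append(Entry(path=parts[8]))
            continue
        if not entries:
            continue  # "total N" or a directory header before any file
        if m := ACE_RE.match(line):
            principal, kind, rights = m.groups()
            entries[-1].acl.append((principal, kind, set(rights.split(","))))
        elif m := XATTR_RE.match(line):
            entries[-1].xattrs.add(m.group(1))
    return entries


def denies_xattr_write(entry: Entry) -> bool:
    """True if any deny ACE covers a right needed to set the quarantine xattr."""
    return any(kind == "deny" and rights & BLOCKING_RIGHTS
               for _principal, kind, rights in entry.acl)


def find_suspicious(entries) -> list:
    """Paths with a blocking deny ACE and no quarantine attribute."""
    return [e.path for e in entries
            if denies_xattr_write(e) and QUARANTINE_XATTR not in e.xattrs]


# Constructed sample of `ls -le@` output over a freshly extracted download.
SAMPLE_LISTING = """\
total 24
-rwxr-xr-x@ 1 jane  staff  8432 Dec 13 10:01 Installer.app/Contents/MacOS/Installer
\tcom.apple.quarantine\t   57
-rwxr-xr-x+ 1 jane  staff  8432 Dec 13 10:01 Payload.app/Contents/MacOS/Payload
 0: group:everyone deny write,writeattr,writeextattr,writesecurity,chown
-rw-r--r--+ 1 jane  staff   213 Dec 13 10:01 README.txt
 0: group:everyone deny write
\tcom.apple.quarantine\t   57
"""

if __name__ == "__main__":
    # On a Mac: ls -le@R ~/Downloads/extracted | python3 check_quarantine.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    for path in find_suspicious(parse_ls_le_at(text)):
        print(f"SUSPICIOUS: {path} (deny-xattr ACL, no {QUARANTINE_XATTR})")
```

Only the Payload binary is reported: the Installer carries the quarantine attribute, and README.txt has a deny entry that covers plain writes but not extended attributes, so neither matches the pattern. On a patched system the same listing is still worth collecting, since the ACL itself is a durable indicator that an archive was built to suppress quarantine tagging.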
Adware Doctor:Anti Malware &Ad sent users’ browser histories to a remote server in China
Adware Doctor:Anti Malware &Ad was, for a time, one of the top-selling paid utilities in the Mac App Store. Security researchers found that it abused the home-folder access it asked users to grant: it collected browsing history from Safari, Chrome and Firefox, together with a list of running processes, zipped the data and uploaded it to a server in China. Apple removed the app from the store in September 2018 after the findings were published. The episode is a reminder that App Store review and the app sandbox do not by themselves guarantee that an app respects user privacy; a reputable anti-malware tool and some scepticism about the permissions an app asks for remain worthwhile on any Mac.
Attackers exploit the flaw by sending specially crafted emails that trigger faults
A separate vulnerability lies in the Model I/O subsystem, where a maliciously crafted file can be used to read memory contents and to trigger a race condition that lets a local application escalate its privileges. The issue can be exploited both locally and remotely, and there are no known workarounds; the vendor has published details of the issue alongside the fix.
An authenticated user can also retrieve the debug zip file from the affected devices and read its contents, because the zip is protected with a weak encryption scheme that is easily broken. The debug data discloses information about the system that an attacker can use to plan further attacks against it.