macOS 11.3 Patches Security Vulnerability That Bypassed Built-In Malware Protections

Apple today confirmed to TechCrunch that the just-released macOS 11.3 software update patches a security vulnerability that reportedly could have allowed a hacker to remotely access a user's sensitive data by tricking a user into opening a spoofed document.

apple security banner
"All the user would need to do is double click — and no macOS prompts or warnings are generated," said security researcher Cedric Owens, who discovered the vulnerability in mid-March, according to the report. Owens developed a proof-of-concept app masquerading as a harmless document that exploits the bug to launch the Calculator app, but he said the vulnerability could be exploited for more nefarious purposes.

According to security researcher Patrick Wardle, the vulnerability was the result of a logic bug in macOS's underlying code.

"In simple terms, macOS apps aren't a single file but a bundle of different files that the app needs to work, including a property list file that tells the application where the files it depends on are located," explains TechCrunch. "But Owens found that taking out this property file and building the bundle with a particular structure could trick macOS into opening the bundle — and running the code inside — without triggering any warnings."

In addition to fixing the bug in macOS 11.3, Apple told TechCrunch it patched earlier macOS versions to prevent abuse, and updated macOS's built-in anti-malware system XProtect to block malware from exploiting the vulnerability. The report says the bug was exploited for months, but it's unclear how many users were impacted.

Related Forum: macOS Big Sur

Top Rated Comments

LV426 Avatar
18 months ago

Apple is definitely protecting the consumers.
Well, Apple definitely wasn’t protecting customers when they introduced this vulnerability.

There‘s a good write up of the disastrous security flaw here ('https://objective-see.com/blog/blog_0x64.html').
Score: 3 Votes (Like | Disagree)
TheYayAreaLiving ? Avatar
18 months ago
Apple is definitely protecting the consumers.
Score: 3 Votes (Like | Disagree)
Ethosik Avatar
18 months ago

This is why the Mac App Store should remain closed, walled and protected... oh, wait...
And the solution is to......remove the store and protected systems in place? There will always be bad things that slip through. The only....ONLY way to achieve 100% secure system is if the Apple App Review process takes months. Have Apple developers look through your code and REALLY test it. But would developers like this?

There are still murders, robberies, other criminal acts. Does that mean the police does nothing?
Score: 3 Votes (Like | Disagree)
RedTheReader Avatar
18 months ago

In simple terms, macOS apps aren't a single file but a bundle of different files that the app needs to work,
Everything Is a File™
Score: 2 Votes (Like | Disagree)
MauiPa Avatar
18 months ago
"The report says the bug was exploited for months, but it's unclear how many users were impacted." What report? A report is not mentioned in the article.
Score: 2 Votes (Like | Disagree)
lkrupp Avatar
18 months ago
Security updates for Mojave and Catalina out now that patch the same security issues.
Score: 2 Votes (Like | Disagree)

Related Stories

General Dropbox Feature

Apple Confirms macOS 12.3 Deprecates Kernel Extensions Used by Dropbox and OneDrive

Thursday January 27, 2022 11:29 am PST by
Apple today seeded the first beta of macOS 12.3 to developers for testing. In the release notes for the update, Apple confirms that it has deprecated kernel extensions used by Dropbox and Microsoft OneDrive and notes that both cloud storage services have replacements for the functionality currently in beta. Earlier this week, Dropbox announced that users who update to macOS 12.3 may...
appleprivacyad cleaned

iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps

Thursday January 20, 2022 3:32 am PST by
Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update. With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
iPhone 13 Security

Researcher Says Apple Ignored Three Zero-Day Security Vulnerabilities Still Present in iOS 15

Friday September 24, 2021 10:42 am PDT by
In 2019, Apple opened its Security Bounty Program to the public, offering payouts up to $1 million to researchers who share critical iOS, iPadOS, macOS, tvOS, or watchOS security vulnerabilities with Apple, including the techniques used to exploit them. The program is designed to help Apple keep its software platforms as safe as possible. In the time since, reports have surfaced indicating...
macOS Monterey on MBP Feature

Apple Warns macOS Catalina Users About Installing macOS 12.3 Beta on Volume With FileVault Enabled

Saturday January 29, 2022 8:40 am PST by
Apple today updated its macOS 12.3 beta release notes to warn macOS Catalina users about a potential boot loop issue when installing the macOS 12.3 or macOS 11.6.4 betas on a separate APFS volume with FileVault enabled. "If your Mac currently has macOS Catalina installed, installing macOS Monterey 12.3 beta or macOS Big Sur 11.6.4 beta on a volume with FileVault enabled might cause a boot...
macOS Monterey Python

Apple Finally Removing Python 2 in macOS 12.3

Friday January 28, 2022 6:26 am PST by
Apple will no longer bundle Python 2.7 with macOS 12.3, according to developer release notes for the upcoming software update. Python 2 has not been supported since January 1, 2020 and no longer receives any bug fixes, security patches, or other changes. Apple says that developers should use an alternative scripting language going forward, such as Python 3, but it's worth noting that Python...
macOS Monterey on MBP Feature

Apple Releases macOS Monterey 12.2 With Safari Vulnerability Fix

Wednesday January 26, 2022 10:19 am PST by
Apple today released macOS Monterey 12.2, the second major update to the macOS Monterey update that launched in October. macOS Monterey 12.2 comes over a month after the release of the 12.1 update, which brought SharePlay support. The ‌‌‌macOS Monterey 12.2‌‌ update can be downloaded on all eligible Macs using the Software Update section of System Preferences. Apple has also...
safari icon blue banner

macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

Thursday January 20, 2022 1:30 pm PST by
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities. As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses...
iPhone 13 Security

Apple Apologizes to Researcher for Ignoring iOS Vulnerabilities, Says It's 'Still Investigating'

Monday September 27, 2021 12:55 pm PDT by
Last week, security researcher Denis Tokarev made several zero-day iOS vulnerabilities public after he said that Apple had ignored his reports and had failed to fix the issues for several months. Tokarev today told Motherboard that Apple got in touch after he went public with his complaints and after they saw significant media attention. In an email, Apple apologized for the contact delay...

Popular Stories

iphone 14 iphone 14 plus in hand

Kuo: iPhone 14 Plus Pre-Orders Worse Than iPhone 13 Mini, Product Strategy 'Fails'

Monday September 12, 2022 4:27 am PDT by
The iPhone 14 and iPhone 14 Plus have seen "bad" pre-order results, indicating that Apple's positioning of the two new standard models may have failed, according to Apple analyst Ming-Chi Kuo. In his -14-first-weekend-online-pre-order-survey-110411040b5d">latest post on Medium, Kuo explained that the iPhone 14 Pro and iPhone 14 Pro Max have seen "neutral" and "good" pre-order results...
ios 16 beta battery percentage icon

Apple Confirms iOS 16 Battery Percentage Display Not Available on Certain iPhone Models

Tuesday September 13, 2022 1:00 am PDT by
Following iOS 16's public release, Apple has confirmed that users of older generation iPhone models will miss out on the ability to show their iPhone's battery percentage directly in the status bar. In an updated support document, Apple says that the new battery percentage display is not available on the iPhone XR, iPhone 11, the iPhone 12 mini, and the iPhone 13 mini. Apple provides no...
ios 16 lockscreens

iOS 16 Launches Tomorrow: Six New Features Worth Checking Out

Sunday September 11, 2022 7:53 am PDT by
Apple is set to release iOS 16 this Monday, September 12, as a free update for the iPhone 8 and newer. iOS 16 includes plenty of new features, ranging from a customizable Lock Screen to the ability to temporarily edit or unsend iMessages. To install iOS 16 when the update is released, open the Settings app on your iPhone and tap General → Software Update. After you update your iPhone to...
iOS 16 hidden features

16 Hidden iOS 16 Features You Didn't Know About

Tuesday September 13, 2022 11:55 am PDT by
Apple this week released iOS 16, the latest version of iOS with a new customizable Lock Screen, major new additions to Messages, and enhancements to Mail, Maps, and more. Other than the headlining features, there are a number of quality-of-life changes, improvements, and new capabilities baked into iOS 16 that help improve the iPhone experience. We've listed 16 hidden features and changes...
iphone 14 lineup

iPhone 14 Battery Capacities For All Four Models Revealed Ahead of Launch

Sunday September 11, 2022 3:58 pm PDT by
Apple does not advertise battery capacities for its new iPhone 14 lineup, but MacRumors has obtained this information from a Chinese regulatory database. Three out of four iPhone 14 models feature larger battery capacities compared to the iPhone 13 lineup, with the exception being the iPhone 14 Pro Max, which is equipped with a slightly smaller battery compared to the iPhone 13 Pro Max....