macOS 11.3 Patches Security Vulnerability That Bypassed Built-In Malware Protections
Apple today confirmed to TechCrunch that the just-released macOS 11.3 software update patches a security vulnerability that reportedly could have allowed a hacker to remotely access a user's sensitive data by tricking a user into opening a spoofed document.

"All the user would need to do is double click — and no macOS prompts or warnings are generated," said security researcher Cedric Owens, who discovered the vulnerability in mid-March, according to the report. Owens developed a proof-of-concept app masquerading as a harmless document that exploits the bug to launch the Calculator app, but he said the vulnerability could be exploited for more nefarious purposes.
According to security researcher Patrick Wardle, the vulnerability was the result of a logic bug in macOS's underlying code.
"In simple terms, macOS apps aren't a single file but a bundle of different files that the app needs to work, including a property list file that tells the application where the files it depends on are located," explains TechCrunch. "But Owens found that taking out this property file and building the bundle with a particular structure could trick macOS into opening the bundle — and running the code inside — without triggering any warnings."
In addition to fixing the bug in macOS 11.3, Apple told TechCrunch it patched earlier macOS versions to prevent abuse, and updated macOS's built-in anti-malware system XProtect to block malware from exploiting the vulnerability. The report says the bug was exploited for months, but it's unclear how many users were impacted.
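For defenders who want to look for bundles shaped like the one described above, the following sketch walks a directory and reports any `.app` bundle whose `Contents/Info.plist` is missing, unreadable, or does not name an executable that exists in the bundle. It is an added example, not code from Apple, TechCrunch or the researchers. The function names and the sample bundles are constructed for illustration, and the check covers only the missing property list the article mentions.

```python
import plistlib
import tempfile
from pathlib import Path


def check_bundle(app: Path) -> str:
    """Classify one .app bundle by the state of its Contents/Info.plist."""
    info = app / "Contents" / "Info.plist"
    if not info.is_file():
        return "missing-info-plist"
    try:
        with info.open("rb") as fh:
            meta = plistlib.load(fh)
    except Exception:
        return "unreadable-info-plist"
    if not isinstance(meta, dict):
        return "unreadable-info-plist"
    exe = meta.get("CFBundleExecutable")
    if not isinstance(exe, str) or not exe:
        return "executable-not-declared"
    if not (app / "Contents" / "MacOS" / exe).is_file():
        return "executable-not-declared"
    return "ok"


def audit(root: Path) -> dict:
    """Return {relative bundle path: finding} for every non-ok .app under root."""
    findings = {}
    for app in sorted(root.rglob("*.app")):
        if app.is_dir():
            status = check_bundle(app)
            if status != "ok":
                findings[str(app.relative_to(root))] = status
    return findings


def build_sample(root: Path) -> None:
    """Constructed sample data: one well-formed bundle, one with no Info.plist."""
    for name, with_plist in (("Good.app", True), ("Invoice.app", False)):
        macos = root / name / "Contents" / "MacOS"
        macos.mkdir(parents=True)
        (macos / "main").write_bytes(b"placeholder")
        if with_plist:
            with (root / name / "Contents" / "Info.plist").open("wb") as fh:
                plistlib.dump({"CFBundleExecutable": "main"}, fh)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        print(audit(Path(tmp)))
```

Pointing `audit()` at a downloads folder or a mounted disk image gives a short list of bundles worth a closer look. A finding is a reason to inspect the bundle, not proof that it is malicious.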
Top Rated Comments
There's a good write-up of the disastrous security flaw here (https://objective-see.com/blog/blog_0x64.html).
There are still murders, robberies, other criminal acts. Does that mean the police does nothing?