- A long-existing security bug was found on Mac recently.
- The bug was triggered upon a missing property list file in an application.
- It let a malicious attacker access a user's sensitive data remotely.
A set of malicious apps has come to light that, at one point, was able to bypass almost all of the security protections on Apple's macOS. The malware in these apps made use of a particular vulnerability in macOS for months before it was patched this week.
The security lapse on Apple Macs was highlighted recently by a security researcher named Cedric Owens. The researcher even demonstrated the loophole by building his own app that could bypass the Mac's security checks and launch the Calculator app on the system. The point was to prove that if the vulnerability could be used for this, it could be used for almost any type of targeted attack by threat actors.
Owens first found the macOS bug in mid-March, as reported by TechCrunch. The bug lets a malicious app bypass the numerous checks in macOS that come into action whenever an unidentified file is run. These security checks are usually seen as the prompts that appear when files from an unverified publisher are run on a Mac.
In the usual scenario, macOS will not run the file unless the user explicitly allows it. With this vulnerability, a malicious app could easily avoid those checks and launch normally without generating any warning prompt for the user. Only a double click was required to run such a file.
How it worked
Another Mac security specialist, Patrick Wardle, recently examined how the bug worked. In a technical blog post, Wardle explained that the vulnerability was triggered by a logic bug in the underlying code of macOS.
This code makes use of a property list file that records where the crucial files of an application are located. Owens found that if this property list file was removed and the bundle of files within an application was built with a particular structure, macOS could be tricked into running the application without triggering any warnings.
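The missing property list is the one concrete indicator the article gives, so a defender can sweep a Mac for application bundles that lack Contents/Info.plist and flag any that are also quarantined (downloaded). The script below is an added example written for this page, not code from Owens, Wardle, Jamf or Apple; the directory layout of the sample tree it builds is constructed, and the default scan root of /Applications is an assumption.

```python
import os
import pathlib
import sys
import tempfile


def is_quarantined(path: pathlib.Path) -> bool:
    """True if the bundle carries com.apple.quarantine, i.e. it was downloaded (macOS only)."""
    try:
        return "com.apple.quarantine" in os.listxattr(path)
    except (AttributeError, OSError):  # attribute absent, or xattrs unsupported on this OS
        return False


def iter_app_bundles(root: str):
    """Yield every *.app directory below root without descending into the bundles themselves."""
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            if name.endswith(".app"):
                dirnames.remove(name)
                yield pathlib.Path(dirpath) / name


def audit_bundles(root: str) -> list[tuple[str, bool, bool]]:
    """(bundle path, has Contents/Info.plist, is quarantined) for each bundle under root."""
    return [(str(b), (b / "Contents" / "Info.plist").is_file(), is_quarantined(b))
            for b in iter_app_bundles(root)]


def missing_plist(root: str) -> list[str]:
    """Bundles with no Info.plist: the layout the bypass relied on."""
    return sorted(path for path, has_plist, _ in audit_bundles(root) if not has_plist)


def make_sample_tree() -> str:
    """Constructed sample for a dry run: one well-formed bundle, one with the plist removed."""
    root = tempfile.mkdtemp()
    good = pathlib.Path(root, "Good.app", "Contents")
    good.mkdir(parents=True)
    (good / "Info.plist").write_text("<plist version=\"1.0\"><dict/></plist>")
    pathlib.Path(root, "Bad.app", "Contents", "MacOS").mkdir(parents=True)
    return root


if __name__ == "__main__":
    # Default to /Applications (assumed); pass another directory to scan downloads or mounted images.
    for bundle in missing_plist(sys.argv[1] if len(sys.argv) > 1 else "/Applications"):
        print("no Info.plist:", bundle)
```

A bundle with no Info.plist is not proof of malice, but combined with the quarantine flag it is exactly the case the fixed checks in macOS 11.3 now refuse.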
The researchers claimed that exploiting the bug could allow a malicious attacker to access a user's sensitive data remotely. All the attacker had to do was trick the victim into opening the file.
Mac security company Jamf even detected exploitation of the bug in January, months before it was discovered. Owens reported the bug to Apple upon finding it, and it has reportedly been fixed in macOS 11.3.