macOS 11.3 patches bug that allowed attacks to bypass Mac security
Apple in macOS Big Sur 11.3 fixed a bug that could have allowed attackers to bypass the Mac's security mechanisms with a malicious document.
Credit: AppleInsider
The software flaw allowed attackers to create a malicious application that could masquerade as a document, TechCrunch reported Monday. Security researcher Cedric Owens first discovered the bug in March.
According to Owens, "all the user would need to do is double click -- and no macOS prompts or warnings are generated." The researcher created a proof-of-concept app that exploited the flaw to launch the Calculator app.
Although Owens' demonstration app was harmless, a malicious attacker could have leveraged the vulnerability to remotely access sensitive data or other information on a user's machine by tricking them into clicking a spoofed document.
Security researcher and Mac specialist Patrick Wardle also reported that the bug is being actively exploited in the wild as a zero-day vulnerability. He added that the flaw was caused by a logic issue in macOS's code.
Apple told TechCrunch that it patched the bug in macOS Big Sur 11.3, which the Cupertino tech giant released on Monday. In addition to that release, Apple also issued patches for the flaw to macOS Catalina and macOS Mojave.
In addition to patching the specific vulnerability, Apple's macOS Big Sur 11.3 update also includes fixes for a bevy of other security flaws.
macOS Big Sur 11.3 should now be available as an over-the-air update to all users on compatible Macs.
Credit: AppleInsider
The software flaw allowed attackers to create a malicious application that could masquerade as a document, TechCrunch reported Monday. Security researcher Cedric Owens first discovered the bug in March.
According to Owens, "all the user would need to do is double click -- and no macOS prompts or warnings are generated." The researcher created a proof-of-concept app that exploited the flaw to launch the Calculator app.
Although Owens' demonstration app was harmless, a malicious attacker could have leveraged the vulnerability to remotely access sensitive data or other information on a user's machine by tricking them into clicking a spoofed document.
Security researcher and Mac specialist Patrick Wardle also reported that the bug is being actively exploited in the wild as a zero-day vulnerability. He added that the flaw was caused by a logic issue in macOS's code.
Apple told TechCrunch that it patched the bug in macOS Big Sur 11.3, which the Cupertino tech giant released on Monday. In addition to that release, Apple also issued patches for the flaw to macOS Catalina and macOS Mojave.
In addition to patching the specific vulnerability, Apple's macOS Big Sur 11.3 update also includes fixes for a bevy of other security flaws.
macOS Big Sur 11.3 should now be available as an over-the-air update to all users on compatible Macs.
Comments