  • Mysterious malware infecting Apple Silicon Macs has no payload - yet

    JavaScript: Second only to Flash as a vector for malware and viruses. Wasn't it supposed to be ultra secure? I could have sworn that was the reason given for why it was created in the first place.

    JavaScript isn’t the issue here. It’s an incidental bystander to the crime. The installer package happens to (reasonably) allow scripts to be run as part of the install/cleanup process. Crucially, it could have been AppleScript or a bash script and done the exact same thing. The user that runs the .pkg installer file is the weak link, the insecurity, as they allowed an unsafe application to have control of their system. An installer is a foreign executable, regardless of the language in which its code is written. At no point is the JavaScript doing something it wasn’t permitted to do by the user or the system.

    Flash had myriad exploitable vulnerabilities, where unauthorized code could break free of Flash’s constraints, escalate privilege and run on the native system. This isn’t like that. Particular JavaScript virtual machines/interpreters may have similar vulnerabilities, but this isn’t one of those cases. This is more like welcoming the bad guys in directly.
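    An added defender-side example (mine, not the commenter's): a Python audit that lists every place an expanded .pkg can execute code, so the script content is visible before the installer is trusted. It assumes the directory layout written by `pkgutil --expand` and uses a constructed Distribution file and package tree as input.

```python
"""Audit an expanded macOS .pkg (the tree `pkgutil --expand` writes) for code that
runs at install time: JavaScript in the Distribution file's <script> element, invoked
through script="..." hooks such as <installation-check>, and preinstall/postinstall
shell scripts in a component package's Scripts directory. All samples are constructed."""
import os
import tempfile
from pathlib import Path
import xml.etree.ElementTree as ET
SAMPLE_DISTRIBUTION = """<?xml version="1.0"?>
<installer-gui-script minSpecVersion="1">
  <script><![CDATA[
function pm_install_check() {
  system.run('/bin/sh', '-c', 'echo constructed > /tmp/constructed');
  return true;
}
]]></script>
  <installation-check script="pm_install_check()"/>
  <pkg-ref id="com.example.pkg">example.pkg</pkg-ref>
</installer-gui-script>
"""

def distribution_hooks(xml_text):
    """Return (inline JS blocks, [(element tag, script expression)]) from Distribution."""
    root = ET.fromstring(xml_text)
    js_blocks = [(el.text or "").strip() for el in root.iter("script")]
    hooks = [(el.tag, el.get("script")) for el in root.iter() if el.get("script")]
    return js_blocks, hooks

def package_scripts(expanded_dir):
    """Paths of preinstall/postinstall scripts anywhere under the expanded tree."""
    return sorted(os.path.join(d, f) for d, _, files in os.walk(expanded_dir)
                  if os.path.basename(d) == "Scripts"
                  for f in files if f in ("preinstall", "postinstall"))

def audit(expanded_dir):
    """Summarise what the package executes; flag JS that calls system.run,
    the Installer JavaScript API that launches an external command."""
    js_blocks, hooks = distribution_hooks(Path(expanded_dir, "Distribution").read_text(encoding="utf-8"))
    return {"js_blocks": js_blocks, "hooks": hooks,
            "shell_scripts": package_scripts(expanded_dir),
            "spawns_process": any("system.run" in b for b in js_blocks)}

def build_sample_tree():
    """Write a constructed expanded-package tree to a temp dir; return its path."""
    base = Path(tempfile.mkdtemp())
    (base / "example.pkg" / "Scripts").mkdir(parents=True)
    (base / "Distribution").write_text(SAMPLE_DISTRIBUTION, encoding="utf-8")
    (base / "example.pkg" / "Scripts" / "postinstall").write_text("#!/bin/sh\necho constructed\n")
    return str(base)
```

Run `audit(build_sample_tree())` to see the constructed package flagged; on a real package, point `audit` at the directory `pkgutil --expand` produced.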
  • Mysterious malware infecting Apple Silicon Macs has no payload - yet

    Every article about how M1 is now a malware target is stupid clickbait. In none of these cases is the M1 chip exhibiting a vulnerability, other than macOS’ ability to cause code to be run upon it. It’s macOS that’s suffering the vulnerability, the same macOS that also runs on Intel. A compiler target architecture is not remotely the same thing as an exploitable hardware target. It’s just a command line flag. It can’t possibly be news that a malware author changed a compiler flag — Xcode practically begs all developers to also target Apple Silicon. Apple never implied the M1 would be in any way more resistant to malware than Intel processors, and they bent over backward to make sure Intel code could run alongside natively compiled M1 code to make the processor as irrelevant as possible. Please be responsible journalists and just write a single article stating the M1 is no more or less vulnerable to malware, and leave these “Apple Silicon vulnerability” framings to less reputable blogs.