Researchers have discovered a 15-year-old vulnerability affecting Apple devices such as the MacBook that can allow hackers to access sensitive information by exploiting a flaw in third-party Mac security programs from Facebook, Google and VirusTotal.
What is the vulnerability?
The bug is in the way several security products for Mac implement Apple's code-signing API, which allows hackers to impersonate Apple when signing malicious code and so evade third-party security tools. In simpler words, hackers can design custom malware executables and bind them with legitimate Apple applications so that they appear signed by Apple even when they are not.
What is code-signing?
Code-signing is a process that checks whether files are signed with a digital certificate, i.e. that the code is authentic and comes from the organisation that signed it.
So, if a file is signed by macOS, the computer will trust the application. The vulnerability allowed hackers to merge malicious files with legitimate Apple-signed code and thus make the malware look like it was signed by Apple.
To exploit the vulnerability, attackers require the Fat binary format, which contains several Mach-O files written for different CPU architectures (i386, x86_64, or PPC).
It should be noted, however, that the vulnerability is not in macOS itself but in how third-party security tools implemented Apple's code-signing APIs when dealing with Mac executable files called Universal/Fat files.
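Because a Universal/Fat file holds several Mach-O files, a signature verdict has to be reached for every one of them. The following added example (not code from the researchers or any of the affected products) lists each architecture slice of a Fat file so that each can be checked individually; it assumes the 32-bit fat header layout from Apple's `mach-o/fat.h`, and the sample file is constructed.

```python
import struct

FAT_MAGIC = 0xCAFEBABE  # 32-bit fat header; all header fields are big-endian
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 18: "ppc"}
# Mach-O magics as they read when a slice's first 4 bytes are unpacked big-endian
MACHO_MAGICS = {0xFEEDFACE, 0xCEFAEDFE, 0xFEEDFACF, 0xCFFAEDFE}


def list_slices(data: bytes):
    """Return one dict per architecture slice; raise ValueError if malformed."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a 32-bit fat binary")
    if 8 + 20 * count > len(data):
        raise ValueError("arch table runs past end of file")
    slices = []
    for i in range(count):
        # struct fat_arch: cputype, cpusubtype, offset, size, align
        cputype, _sub, offset, size, _align = struct.unpack_from(">5I", data, 8 + 20 * i)
        if size < 4 or offset + size > len(data):
            raise ValueError(f"slice {i} lies outside the file")
        (inner,) = struct.unpack_from(">I", data, offset)
        slices.append({
            "index": i,
            "cpu": CPU_NAMES.get(cputype, hex(cputype)),
            "offset": offset,
            "size": size,
            "is_macho": inner in MACHO_MAGICS,
        })
    return slices


def build_sample() -> bytes:
    """Constructed two-slice fat file: slice bodies are a Mach-O magic plus padding."""
    body_a = struct.pack("<I", 0xFEEDFACE) + b"\0" * 12  # 32-bit little-endian magic
    body_b = struct.pack("<I", 0xFEEDFACF) + b"\0" * 12  # 64-bit little-endian magic
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">5I", 7, 3, 48, 16, 0)           # i386 slice at offset 48
    header += struct.pack(">5I", 0x01000007, 3, 64, 16, 0)  # x86_64 slice at offset 64
    return header + body_a + body_b


if __name__ == "__main__":
    for s in list_slices(build_sample()):
        print(s)  # every slice listed here needs its own signature check
```

A file with more than one entry in this list has more than one executable inside it, and a verdict on one slice says nothing about the others.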
Comments from Ankush Johar, Director at Infosec Ventures – an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes
Although researchers have recently discovered this vulnerability, it is not known for how long this vulnerability has been out in the open. For malicious hackers and surveillance agencies, these techniques are gold for spreading malware and they might have already been exploiting this vulnerability to distribute malware by binding it with legitimate Apple applications.
Users are advised to completely avoid downloading applications from 3rd party sources even if they seem to be signed by a trusted authority and make sure they install the software and OS updates the moment they are released.
2014 The Global Indian New Network (TGINN)