Researchers have discovered a 15-year-old vulnerability affecting Apple devices such as the MacBook that can allow hackers to access sensitive information by exploiting a flaw in third-party Mac security programs from Facebook, Google and VirusTotal.
What is the vulnerability?
The bug is in the way several security products for Mac implement Apple’s code-signing API, which allows hackers to impersonate Apple when signing malicious code and so evade third-party security tools. In simpler words, hackers can design custom malware executables and bind them with legitimate Apple applications so that they appear to be signed by Apple even when they are not.
What is code-signing?
Code-signing is a process that checks whether files are signed with a digital certificate, i.e. that the code is authentic and comes from the organisation that signed it.
So, if a file is signed by macOS, the computer will trust the application. The vulnerability that was found allowed hackers to merge malicious files with legitimate Apple-signed code and thus make the malware look like it was signed by Apple.
To exploit the vulnerability, attackers require the Fat binary format, which contains several Mach-O files written for different CPU architectures (i386, x86_64, or PPC).
It should be noted, however, that the vulnerability is not in macOS itself but in how third-party security tools implemented Apple’s code-signing APIs when dealing with Mac executable files called Universal/Fat files.
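As an added example (not code from the original article or from any of the affected tools), the Python sketch below enumerates every Mach-O slice in a Universal/Fat file so that a checking tool can evaluate each architecture on its own. The function names and the constructed `SAMPLE` bytes are assumptions for illustration.

```python
import struct

FAT_MAGIC = 0xCAFEBABE  # 32-bit fat header, always stored big-endian
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 18: "ppc"}
# Thin Mach-O magics as read big-endian -> struct byte order of that slice
MACHO_MAGICS = {0xFEEDFACE: ">", 0xFEEDFACF: ">", 0xCEFAEDFE: "<", 0xCFFAEDFE: "<"}

def list_slices(data):
    """Return one dict per architecture slice, with structural problems noted."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a 32-bit fat binary")
    if 8 + 20 * count > len(data):
        raise ValueError("fat_arch table runs past end of file")
    slices = []
    for i in range(count):
        # fat_arch: cputype, cpusubtype, offset, size, align (20 bytes)
        cputype, _sub, offset, size, _align = struct.unpack_from(">iiIII", data, 8 + 20 * i)
        problems = []
        if size < 8 or offset + size > len(data):
            problems.append("slice out of bounds")
        else:
            (m,) = struct.unpack_from(">I", data, offset)
            order = MACHO_MAGICS.get(m)
            if order is None:
                problems.append("slice is not Mach-O")
            else:
                # Sanity check: the slice's own header should agree with the table
                (inner,) = struct.unpack_from(order + "i", data, offset + 4)
                if inner != cputype:
                    problems.append("fat_arch cputype differs from Mach-O header")
        name = CPU_NAMES.get(cputype, hex(cputype))
        slices.append({"arch": name, "offset": offset, "size": size, "problems": problems})
    return slices

def needs_per_slice_verification(data):
    """A verdict on a fat file is only sound if every slice was checked on its own."""
    return len(list_slices(data)) > 1

def thin_stub(magic, cputype):
    """Constructed 8-byte stand-in for a little-endian Mach-O header."""
    return struct.pack("<Ii", magic, cputype)

# Constructed sample: fat header, two fat_arch entries, two stub slices
SAMPLE = (struct.pack(">II", FAT_MAGIC, 2)
          + struct.pack(">iiIII", 0x01000007, 3, 48, 8, 0)
          + struct.pack(">iiIII", 7, 3, 56, 8, 0)
          + thin_stub(0xFEEDFACF, 0x01000007) + thin_stub(0xFEEDFACE, 7))
```

Each reported offset and size identifies one slice whose signature should be evaluated separately before the file as a whole is trusted.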
Comments from Ankush Johar, Director at Infosec Ventures – an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes
Although researchers have recently discovered this vulnerability, it is not known how long this vulnerability has been out in the open. For malicious hackers and surveillance agencies, these techniques are gold for spreading malware and they might have already been exploiting this vulnerability to distribute malware by binding it with legitimate Apple applications.
Users are advised to completely avoid downloading applications from 3rd party sources even if they seem to be signed by a trusted authority and make sure they install the software and OS updates the moment they are released.
2014 The Global Indian New Network (TGINN)