Researchers have discovered a 15-year-old vulnerability affecting Apple devices such as the MacBook that can allow hackers to access sensitive information by exploiting a vulnerability in third-party Mac security programs from Facebook, Google and VirusTotal.
What is the vulnerability?
The bug is in the way several security products for Mac implement Apple’s code-signing API, which allows hackers to impersonate Apple when signing malicious code and so evade third-party security tools. In simpler words, hackers can design custom malware executables and bind them with legitimate Apple applications so that they appear to be signed by Apple even when they are not.
What is code-signing?
Code-signing is a process that checks whether files are signed with a digital certificate, i.e. that the code is authentic and comes from the organisation that signed it.
So, if a file is signed by macOS, the computer will trust the application. The vulnerability that was found allowed hackers to merge malicious files with legitimate Apple-signed code and thus make the malware look like it was signed by Apple.
To exploit the vulnerability, attackers require the Fat binary format, which contains several Mach-O files written for different CPU architectures (i386, x86_64, or PPC).
It should be noted, however, that the vulnerability is not in macOS itself but in how third-party security tools implemented Apple’s code-signing APIs when dealing with Mac executable files called Universal/Fat files.
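The file layout described above, as an added example that is not code from the researchers or from any of the affected products: a parser for the Fat/Universal header that lists every Mach-O slice and reports which architectures a checking tool has not yet verified. The sample file is constructed inside the script, and `unchecked_archs` and its `verified` set are hypothetical names standing in for a tool's own bookkeeping.

```python
import struct

FAT_MAGIC = 0xCAFEBABE  # fat header fields are stored big-endian
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 18: "ppc", 0x01000012: "ppc64"}
# Mach-O magic as seen when the first 4 bytes are read big-endian (either byte order)
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}

def list_slices(data: bytes):
    """Return one dict per architecture slice in a Fat/Universal file."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a fat binary")
    if 8 + count * 20 > len(data):
        raise ValueError("fat_arch table runs past end of file")
    slices = []
    for i in range(count):
        # fat_arch entry: cputype, cpusubtype, offset, size, align
        cputype, _sub, offset, size, _align = struct.unpack_from(">IIIII", data, 8 + i * 20)
        if offset + size > len(data):
            raise ValueError(f"slice {i} runs past end of file")
        head = struct.unpack_from(">I", data, offset)[0] if size >= 4 else None
        slices.append({"index": i, "arch": CPU_NAMES.get(cputype, hex(cputype)),
                       "offset": offset, "size": size, "is_macho": head in MACHO_MAGICS})
    return slices

def unchecked_archs(slices, verified):
    """Hypothetical helper: architectures in the file with no signature verdict yet."""
    return [s["arch"] for s in slices if s["arch"] not in verified]

def build_sample() -> bytes:
    """Constructed two-slice file: Mach-O magic plus padding, no real code."""
    body_a = struct.pack("<I", 0xFEEDFACE) + b"\x00" * 28  # stands in for an i386 image
    body_b = struct.pack("<I", 0xFEEDFACF) + b"\x00" * 28  # stands in for an x86_64 image
    hdr = struct.pack(">II", FAT_MAGIC, 2)
    hdr += struct.pack(">IIIII", 7, 3, 64, len(body_a), 0)
    hdr += struct.pack(">IIIII", 0x01000007, 3, 96, len(body_b), 0)
    return hdr.ljust(64, b"\x00") + body_a + body_b

if __name__ == "__main__":
    found = list_slices(build_sample())
    for s in found:
        print(s)
    # A tool that recorded a verdict for only one slice leaves the other unchecked.
    print("unchecked:", unchecked_archs(found, {"i386"}))
```

A signature verdict for a Universal/Fat file is only meaningful once this list comes back empty, since each slice is a separate Mach-O image.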
Comments from Ankush Johar, Director at Infosec Ventures – an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes
Although researchers have recently discovered this vulnerability, it is not known for how long this vulnerability has been out in the open. For malicious hackers and surveillance agencies, these techniques are gold for spreading malware, and they might have already been exploiting this vulnerability to distribute malware by binding it with legitimate Apple applications.
Users are advised to completely avoid downloading applications from 3rd party sources even if they seem to be signed by a trusted authority, and to make sure they install software and OS updates the moment they are released.
2014 The Global Indian New Network (TGINN)