Apple has fixed a serious macOS problem that might have enabled malicious apps to bypass the operating system’s built-in security safeguards. Gordon Long, Offensive Security Engineer at Box, found the vulnerability earlier, according to Bleeping Computer.
As per Long, the flaw could let a carefully constructed script-based program run on a Mac without Gatekeeper — antivirus software that validates the legitimacy of all downloaded apps — ever raising an alarm. For the bypass to work, the program would need to use a script whose first line starts with the shebang (#!) characters but leaves the rest of that line blank.
The script would then be run by a Unix shell even though no shell command interpreter had been specified. The weakness was patched in Apple’s September 2021 update, which brought the OS up to version 11.6. Researchers determined that users of macOS 12 beta 6 are also safe.
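As an added example (not Apple’s code and not the researchers’), the following Python helper checks a downloaded script, or the executables under an app bundle’s Contents/MacOS directory, for the file shape the article describes: a first line that starts with a shebang but names no interpreter. The bundle layout and file names in the demo are constructed for illustration.

```python
"""Flag scripts whose shebang line names no interpreter (added, hypothetical
detection helper; not Apple's or any researcher's code)."""
import os
import tempfile
import re

# A shebang line is "#!" optionally followed by whitespace and an interpreter
# path. A file that starts with "#!" but nothing else is the pattern the
# article describes as slipping past the policy checks.
_SHEBANG_RE = re.compile(rb"^#!([^\r\n]*)")


def shebang_interpreter(data: bytes):
    """Return the text after '#!' on the first line (whitespace stripped),
    or None if the file does not start with a shebang at all."""
    m = _SHEBANG_RE.match(data)
    return None if m is None else m.group(1).strip()


def has_bare_shebang(data: bytes) -> bool:
    """True when the file starts with '#!' but names no interpreter."""
    return shebang_interpreter(data) == b""


def scan_bundle(bundle_dir: str):
    """Return paths under <bundle>/Contents/MacOS that start with a bare shebang."""
    hits = []
    macos_dir = os.path.join(bundle_dir, "Contents", "MacOS")
    if not os.path.isdir(macos_dir):
        return hits
    for name in sorted(os.listdir(macos_dir)):
        path = os.path.join(macos_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            head = fh.read(256)  # the shebang must be at the very start
        if has_bare_shebang(head):
            hits.append(path)
    return hits


def demo():
    """Build a constructed sample bundle in a temp dir and return the names flagged."""
    root = tempfile.mkdtemp()
    macos_dir = os.path.join(root, "Sample.app", "Contents", "MacOS")
    os.makedirs(macos_dir)
    with open(os.path.join(macos_dir, "Launcher"), "wb") as fh:
        fh.write(b"#!\necho constructed sample\n")           # bare shebang
    with open(os.path.join(macos_dir, "Helper"), "wb") as fh:
        fh.write(b"#!/bin/sh\necho constructed sample\n")    # normal shebang
    return [os.path.basename(p) for p in scan_bundle(os.path.join(root, "Sample.app"))]
```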
Patrick Wardle, a security expert from Objective-See, has released more information about the exploit methodology. In a blog post, he noted that “the syspolicyd daemon would do numerous policy checks and ultimately prevent the execution of untrusted applications, such as those that are unsigned or unnotarized.” “But what happens if the AppleSystemPolicy determines that the syspolicyd daemon isn’t required? So, the procedure is permitted! And if you make the wrong selection, you’ll have a nice File Quarantine, Gatekeeper, and notarization bypass.”
Wardle further stated that adversaries can disguise the malicious program as a benign PDF file, which can then be distributed in a variety of ways, including via email, poisoned search results, phony upgrades, or malware downloaded from dubious sources.
According to the report, once the victim runs the script, the attacker can use it to download and run more powerful malware.