It is tough for any IT company to prevent themselves from modern cyber criminals. Technology pays equal importance to organizations and the digital criminals. SImilarly, Apple, the international brand has come across a powerful cyber attack.
Apple has already informed the MAC users to update their systems with the new macOS software. As per reports, this is the worst vulnerability that the hackers can use to affect the IT giant. Since January, the malware is exploiting the system and patches have been created on an urgent basis accordingly.
As described by Patrick Wadle, former NSA Analyst and a macOS expert, the vulnerability has pushed Apple security to a decade back, and this is termed as one of the worst security issues faced by Apple ever. The Apple OS is badly hit by this hacking activity. The Malware can bypass all the Apple security checks (gatekeeper and file quarantine). These security checks are designed to stop any unrecognised and unhealthy apps.
Interestingly, there’s a condition: the hackers need to confirm that the MAC user downloads or runs an app that is not available on the App store. Once the hackers made it done, there is no way that the Apple system can stop them. Besides, the OS doesn't make any changes to the system files, and may seek for permissions to access photos, mic and other permissions.
Mr. Wardle strongly advises people not to open any file sent by anybody in their MAC system; if they are not using patched macOS.
As mentioned, Apple has already released the patches that will certainly fix the vulnerability and other issues. Besides, the malware can affect all versions of macOS; hence users are requested to upgrade their OS instantly.
Further, Wardle stated:
"it undermines so much of Apple’s security efforts. Clearly this code was never audited,"
"It’s trivial to weaponize 100% reliably."
Besides, an Apple representative reported that the issue has been recognized in OS 11.3 and improved their XProtect, which helps in detecting malware and blocking it. The improved XProtect will be automatically updated on all macOS versions.
Interestingly, the said bug was initially identified in the middle of March by Cedric Owens, and was reported to Apple accordingly. Cedric found some issue in Gatekeeper that it is reviewing certain scripts in the app.
Cedric used "Appify" to test Apple’s Gatekeeper which is a legal tool. Excitingly, the mentioned tool bypassed Apple security in 2011. Owens used the same technique on the updated OS and successfully went through it. The app certainly gets downloaded on the MAC system without displaying any pop-up or warning for the unapproved tool.
Hence, he informed Apple about this and the company released the beta version with the fixes. Cedric re-tested the technique but could not clear the Apple security this time. That means the fixes worked.
By the time Apple got known about the vulnerability, the hackers had already started exploiting macOS. As revealed by another cyber security expert, Jaron Bradley, the offenders were running the malware "Shlayer" and were using the security flaws (zero-day vulnerability). The goal was to install adware on different MACs, and to earn money by fake clicks on the advertisements. The malware was sent to the victim's system using fake app installers.
Jaron Bradley works as a MAC expert in Jamf, a US based cyber security firm.
Bradley reported on the malware case:
"Shlayer continues to be one of the most active and prevalent malware families for macOS,"
Still, the hackers behind the case are unidentified!
Indian School of Ethical Hacking is a renowned cyber security institute in India. Our vision is to train people in the cyber security field and make them capable of preventing the IT industry from growing cyber criminals.
Keep reading ISOEH news and stay up to date with IT and cyber security news. We bring you the latest updates from all around the globe.