A recently discovered security vulnerability could leave Mac users exposed to malware disguising itself in other programs. If your business relies on Mac, it’s important to know how you can protect your company from falling victim to a cyberattack.
What is the Security Vulnerability?
In early 2019, security expert Filippo Cavallarin discovered a bug in Apple’s Gatekeeper functionality. Gatekeeper is a service that inspects apps that you want to install on a device to ensure they are certified by Apple. If not, you’ll get an “are you sure?” message before you complete the installation.
Cavallarin discovered that there’s a flaw that lets untrustworthy apps trick Gatekeeper into giving the all-clear signal, meaning you never get that “do you really want to do this?” alert.
Instead, once bypassed, you will get a simple, “please download” message, which could contain a zip file that once unpacked, connects back to the hackers’ server.
Cavallarin gave Apple 90 days to repair the flaw, but Apple did not, leading the researcher to disclose the exploit himself in late May. The vulnerability affects all macOS versions. As of this posting, Apple has yet to address the vulnerability.
How Can the Vulnerability Be Exploited?
In late June, cybersecurity companies began noticing the first identified attempts to bypass the Gatekeeper function, now dubbed OSX/Linker. The first identified attempts were believed to be a test to see if the flaw can truly be exploited and worked by writing something to a text file on a compromised computer. Those test runs were signed with certificates used by known adware producers behind the OSX/Surfbuyer malware.
At present, it does not appear that the OSX/Linker malware has taken root outside of test environments.
The identified malware attempts also used a common technique used by malware writers. In a second strain discovered, the malware was disguised to look like Adobe Flash Player installers, a tried and true approach that tricks Apple users into downloading malware when they think they’re downloading a routine software update.
The second strain of malware, dubbed OSX/CrescentCore, checks to see if there’s evidence of common third-party anti-malware software and tools that reverse engineer code on a computer. It also checks to see if it’s being installed on a virtual machine. If so, it will not install itself. Researchers have already found OSX/CrescentCore on multiple websites. It’s also disguised as an Adobe Flash Player installer.
CrescentCore also appeared via high-ranking Google search result listings, which redirected multiple times to a suspicious website.
Once installed, OSX/CrescentCore installs a LaunchAgent folder in a Mac Library folder that includes code to be run every time a user logs in.
It appears the malware coders got access to an Apple Developer ID to deliver the sample code in some instances.
Another identified exploit, called OSX/NewTab, inserts new tabs into a Safari browser session. The injected tabs can contain loaders or malware packages.
One danger of this potential malware is that the embedded code on disk images points to a malicious app on a single linked server. That means that a malicious app could be distributed more easily at any time.
Aren’t Apple Computers Virus-Proof and Much Safer than Windows and Other Operating Systems?
It’s a longstanding myth that Macs are inherently safer than Windows PCs. In recent years, hackers have increasingly targeted Apple operating systems to exploit vulnerabilities.
In February 2018, for example, OSX/Shlayer was discovered, yet another Adobe Flash Player scam that would download additional adware and malware. Similar to the newly discovered threats, it also looked for installed anti-malware software. The year also brought the discovery of OSX/MaMi, which pointed an infected computer to a server allowing them to access websites, even those with encrypted traffic.
June 2018 was an active month for malware discovery. There were several types of malware that exploited a Firefox browser vulnerability. A cryptocurrency miner was discovered embedded in pirated copies of audio software, making it possible to take over a Mac’s processing capabilities to mine.
What Can My Business Do To Protect Our Systems?
There are several security steps to take if there are Apple operating systems in play on any devices connected to your business network.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.