Apple patches nasty macOS exploit that bypasses security protections


Apple has patched a nasty macOS bug that could have allowed malicious applications to circumvent the operating system's in-built security protections.

As reported by Bleeping Computer, the flaw was first discovered by Gordon Long, Offensive Security Engineer at Box. According to Long, the vulnerability could allow a specially crafted, script-based application to be launched on a Mac device without Gatekeeper (an antivirus service that verifies the authenticity of all downloaded apps) ever triggering an alarm.

In order for the app to work, its script would need to begin with a shebang (#!) line with nothing after it, so that the line names no interpreter. In that case, the Unix shell runs the script itself without a shell command interpreter being specified.
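As an added example (not from the article or from the researchers it cites), the following Python checker flags script files whose first line is a bare `#!` with no interpreter, the pattern described above, so a defender can review such files in an app bundle before they are run; the bundle paths and script bodies in it are constructed for illustration.

```python
import os
from typing import Dict, List, Optional

def shebang_line(data: bytes) -> Optional[bytes]:
    """Return the first line of a script if it starts with '#!', else None."""
    if not data.startswith(b"#!"):
        return None
    return data.split(b"\n", 1)[0]

def interpreter_path(data: bytes) -> Optional[str]:
    """Return the interpreter named on the shebang line ('/bin/sh' for '#!/bin/sh -e'),
    or None when there is no shebang or the line names no interpreter."""
    line = shebang_line(data)
    if line is None:
        return None
    fields = line[2:].strip(b" \t\r").split()
    return fields[0].decode("utf-8", "replace") if fields else None

def classify_script(data: bytes) -> str:
    """'no-shebang':   does not start with '#!'
    'bare-shebang':    '#!' followed by nothing (the pattern the article describes)
    'interpreter':     '#!' followed by an interpreter path"""
    if shebang_line(data) is None:
        return "no-shebang"
    return "interpreter" if interpreter_path(data) else "bare-shebang"

def find_bare_shebangs(files: Dict[str, bytes]) -> List[str]:
    """Return the (sorted) paths whose contents carry a bare shebang."""
    return sorted(p for p, body in files.items() if classify_script(body) == "bare-shebang")

def read_bundle(bundle_path: str, head_bytes: int = 4096) -> Dict[str, bytes]:
    """Read the first head_bytes of every regular file under an .app bundle on disk."""
    files: Dict[str, bytes] = {}
    for root, _, names in os.walk(bundle_path):
        for name in names:
            full = os.path.join(root, name)
            try:
                with open(full, "rb") as fh:
                    files[full] = fh.read(head_bytes)
            except OSError:
                continue  # unreadable entries (sockets, permission errors) are skipped
    return files

if __name__ == "__main__":
    # Constructed sample bundle contents with hypothetical paths.
    sample = {
        "Sample.app/Contents/MacOS/Sample": b"#!\necho sample\n",
        "Fine.app/Contents/MacOS/Fine": b"#!/bin/sh\necho hello\n",
    }
    for path in find_bare_shebangs(sample):
        print("bare shebang, review before running:", path)
```

Pass the result of `read_bundle("/path/to/Some.app")` to `find_bare_shebangs` to check a real bundle.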

Apple released a patch for the vulnerability in its September 2021 update, bringing the OS to version 11.6. Users of macOS 12 beta 6 are also protected, researchers confirmed.

macOS security bug

Objective-See security researcher Patrick Wardle has provided further insight into the exploit mechanism.

"The syspolicyd daemon will perform various policy checks and ultimately prevent the execution of untrusted applications, such as those that are unsigned or unnotarized," he explained in a blog post.

"But, what if the AppleSystemPolicy kext decides that the syspolicyd daemon does not need to be invoked? Well then, the process is allowed! And if this decision is made incorrectly, well then, you have a lovely File Quarantine, Gatekeeper, and notarization bypass."

Wardle also said that attackers can disguise the malicious app as a harmless PDF file which, as we all know, can be delivered in numerous ways, be it through email, poisoned search results, fake updates, or malware downloaded from shady websites.

After the victim runs the script, the attacker can also use it to download and run more potent malware, the researchers said.

Via Bleeping Computer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
