Apple prides itself on building some of the most secure consumer computers available, but malware authors and cybercriminals appear to be catching up with the Mac's security features. A security researcher has found a loophole in a macOS security mechanism that could be used to sneak malware onto the computer, and although Apple was told about it, the vulnerability has yet to be patched.
Security researcher Filippo Cavallarin discovered a vulnerability in Gatekeeper, the macOS security mechanism that is supposed to stop untrusted software from running, which could be used by attackers to get malware onto Apple computers. He detailed his discovery on his website, wearesegment.com: while it is hard for an attacker to get a program they send to an Apple device to run, there is a workaround.
Malware can get around Gatekeeper, the feature that prompts users to confirm whether they really want to open an "unknown" application, in particular one that did not come from the Mac App Store, by delivering the malicious software inside a zip archive. In theory, this lets an attacker run whatever code they like on the target machine.
A malware infection usually happens when an unsuspecting target opens and installs an application, commonly one attached to an unsolicited email. On a Mac that step is hard, because Gatekeeper intervenes before the application runs. Instead, the researcher says, the attacker can simply send the target a zip archive and persuade them to trust its contents and extract it.
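The practical lesson for a defender is that an archive a user is asked to "trust and extract" deserves inspection before extraction. The following is an added example, not code from Cavallarin's write-up or from Apple: it builds a small constructed zip archive in memory and audits its entries for the classes of content that unzip tools will happily materialise but that a user never sees in the file listing, namely symlink entries, absolute paths and `..` traversal. The entry names and link target are made up for the example; the checks themselves are generic and apply to any zip an end user is handed.

```python
import io
import stat
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample archive (not from the original research).

    Contains one harmless file plus three entry types a user would not
    notice from the archive's apparent contents.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")

        # A symlink entry: the Unix mode bits in external_attr say S_IFLNK
        # and the entry's data is the link target, not file content.
        link = zipfile.ZipInfo("Shortcut")
        link.create_system = 3  # 3 == Unix, so tools honour the mode bits
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/tmp/constructed_target")  # hypothetical target

        # An absolute path and a parent-directory traversal.
        zf.writestr("/etc/evil", "x")
        zf.writestr("../escape.sh", "x")
    return buf.getvalue()


def audit_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for every entry that should block extraction.

    Reads only the central directory and the bytes of symlink entries; it
    never writes anything to disk.
    """
    findings: list[tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Upper 16 bits of external_attr hold the Unix st_mode when the
            # archive was written on a Unix-like system.
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                target = zf.read(info).decode(errors="replace")
                findings.append((name, f"symlink -> {target}"))
            if name.startswith(("/", "\\")):
                findings.append((name, "absolute path"))
            parts = name.replace("\\", "/").split("/")
            if ".." in parts:
                findings.append((name, "path traversal"))
    return findings


def is_safe_to_extract(data: bytes) -> bool:
    """Policy helper: refuse any archive with at least one finding."""
    return not audit_zip(data)


if __name__ == "__main__":
    sample = build_sample_zip()
    for entry, reason in audit_zip(sample):
        print(f"BLOCK {entry!r}: {reason}")
    print("safe to extract:", is_safe_to_extract(sample))
```

Note that Python's own `ZipFile.extractall` strips absolute and `..` components on extraction, but it does not refuse symlink entries and third-party unarchivers behave differently, so the audit is worth running regardless of which tool will do the extraction.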
Cavallarin says that after discovering the vulnerability he immediately contacted Apple to report his findings so that the problem could be patched. However, the latest release, macOS 10.14.5, remains vulnerable.
The researcher gave Apple 90 days to patch the vulnerability before he would go public with his discovery, and it seems Apple did not take the warning seriously.
“This issue was supposed to be addressed, according to the vendor, on May 15th, 2019 but Apple started dropping my emails,” says Cavallarin. “Since Apple is aware of my 90 days disclosure deadline, I make this information public.”
Malware persists despite efforts to stop it
Malware has become one of the most damaging threats to computers, with attacks that have shut down businesses and city governments for days. While white-hat hackers, those who hack for the common good (reporting vulnerabilities, fixing bugs and so on), have helped protect systems against malware, criminal hackers are also getting bolder and more creative in their methods.
In one instance, a Linux version of the Winnti malware was discovered by Google's Chronicle while it was investigating the cyberattack against Bayer, a multinational pharmaceutical company. Winnti is the malware strain said to have been used in a high-profile 2015 cyberattack against a Vietnamese gaming company.
Researchers have also suggested that the use of Winnti is linked to an organized and coordinated Chinese intelligence network whose aims go beyond siphoning money to a political agenda.
Yet despite increasingly aggressive crackdowns on malware and cybercriminals by governments and private companies, the underground operations persist. Last week, the United States government indicted ten individuals linked to multiple malware attacks that affected companies across all sectors. The victims included a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.
The ten people charged were allegedly involved in malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses. According to the announcement, the defendants come from six countries, and several are already awaiting prosecution in Europe. Another defendant in a related case was extradited to the U.S. from Bulgaria in 2016 and pleaded guilty last month in federal court in Pittsburgh, where Thursday's case was brought. The defendants face charges of conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud, and conspiracy to commit money laundering.