As many of you may know, macOS ships with security features that protect it from the most common attacks. One of them is Gatekeeper, the Apple-developed mechanism that checks the code signature of downloaded software before allowing macOS to run it. It now appears, however, that this tool has a vulnerability in its core function.
Security researcher Filippo Cavallarin disclosed last Friday what he says is a way around Gatekeeper's protection. In short, Gatekeeper treats external drives and network shares as trusted locations, so apps launched from them run without any prompt to the user.
To understand how the vulnerability lets a Mac be attacked, consider the following scenario. An attacker creates a ZIP archive containing a symbolic link (a reference to a file or folder stored in a different location) whose target is a self-mounting network location, and sends the archive to the victim, who extracts it on their Mac.
When the victim opens the extracted item, the symbolic link causes macOS to automatically mount a network share that the attacker controls and that Gatekeeper regards as "safe". Anyone can reproduce this behaviour by accessing a path under the /net/ directory on macOS, which the system mounts on demand.
Running software from that share therefore does not trigger Gatekeeper at all, completely bypassing Apple's check. Cavallarin notes that because Finder hides application extensions and the full directory path in the window title bar by default, users would find the attack hard to spot, as shown in the researcher's video.
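The attack relies on a ZIP entry being a symbolic link whose target lives under an automount path such as /net/. That is something a mail gateway or endpoint tool can check before an archive ever reaches Finder. The script below is an added example written for this article, not code from Cavallarin or from Apple: it builds a small constructed archive in memory containing a symlink (the host name and share path are made up), then inspects every entry for a symlink pointing under an automount prefix. The prefix list is an assumption for the example; /net/ is the path named in the article.

```python
import io
import stat
import zipfile

# Paths that macOS mounts on demand. Software launched from a share under these
# prefixes is treated as trusted by Gatekeeper. /net/ comes from the article;
# listing /Network/ as well is an assumption for this example.
AUTOMOUNT_PREFIXES = ("/net/", "/Network/")


def build_sample_archive(link_name, target):
    """Construct, in memory, a ZIP that holds one symbolic link entry.

    This is constructed test data for the example, not a real sample. In a
    ZIP file a Unix symlink is stored as an entry whose mode bits (kept in
    the upper 16 bits of external_attr) say S_IFLNK and whose content is
    the link target.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo(link_name)
        info.create_system = 3  # 3 == Unix, so the mode bits are meaningful
        info.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(info, target)
    return buf.getvalue()


def find_automount_symlinks(zip_bytes):
    """Return (entry name, target) for every symlink pointing under an
    automount prefix. Only the central directory is read; nothing is
    extracted, so the archive is never given a chance to trigger a mount."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16
            if not stat.S_ISLNK(mode):
                continue
            target = zf.read(info).decode("utf-8", "replace")
            if target.startswith(AUTOMOUNT_PREFIXES):
                findings.append((info.filename, target))
    return findings


if __name__ == "__main__":
    # Constructed example: a link named like a harmless document whose target
    # is an attacker-controlled share under /net/ (host name is made up).
    sample = build_sample_archive(
        "Document", "/net/attacker.invalid/share/Document.app")
    for name, target in find_automount_symlinks(sample):
        print(f"suspicious symlink {name!r} -> {target}")
```

The check reads the entry's mode bits rather than trusting the name, because the entry can be called anything; the attack in fact depends on it looking like an ordinary document. A relative symlink, or one into a local path, is not flagged, since the bypass specifically needs the target to be resolved by the automounter.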
The vulnerability was reproduced by Sabina Alexandra Ștefănescu, security professional and co-founder of Security Espresso. Using Cavallarin's technique, she was able to attach to the Calculator app a script that opened iTunes; app icons can be changed the same way.
According to Cavallarin, Apple was notified of the problem on February 22 and committed to fixing it by the 15th of this month, which did not happen. Even the latest macOS Mojave update (version 10.14.5, released two weeks ago) has not fixed the problem, the researcher says.