Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from neglected bits of code.
Patrick Wardle, founder of the Objective-See Foundation and a leading iOS and macOS security researcher, spoke Monday about macOS threats at RSA Conference 2022 in San Francisco.
Wardle told attendees that the vulnerabilities attackers need to compromise a Mac often do not come from tireless reverse engineering of apps and code, but simply from working in the tech giant's blind spots.
To illustrate his point, Wardle pointed to two vulnerabilities, CVE-2021-30657 and CVE-2021-30853, neither of which was based on a technical software vulnerability in the macOS operating system, but rather on loopholes in the operating system's logic that would have allowed applications to do things they shouldn't.
Wardle’s statements
Wardle explained:
From the point of view of the Finder and the system, it is an application. Since an info.plist file was missing.
In the case of CVE-2021-30657, an attacker would be able to bypass the security checks normally supplied by Apple simply by leaving out a single file. Wardle found that when certain types of applications do not contain the Info.plist, they are not subjected to the scanning tools that Apple normally uses to exclude malicious apps.
The problem lay in the way macOS handled script-based applications. When built without the Info.plist file, an application is launched through secondary tooling that does not perform the normal security checks.
As a result, macOS malware could potentially run on a system without being caught by Apple's security tools and controls. Wardle noted that CVE-2021-30657 was exploited in the wild as a zero-day last year. Likewise, CVE-2021-30853 was based on an issue in how macOS checks applications at launch.
With this defect, an attacker would be able to tinker with the script path of an application so that Apple's security extensions leave key variables set to "null". When those variables are null, the checks that determine whether an application is authorized and safe to run are not executed and, as a result, the malware could potentially go undetected.
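As an added example (not from the article, and not one of Wardle's or Objective-See's tools), here is an audit script a defender could run over a directory of app bundles to flag the shape described for CVE-2021-30657: a script-based main executable with no Info.plist. It assumes the standard Contents/Info.plist and Contents/MacOS/ bundle layout; the two sample bundles are constructed in a temporary directory so it runs offline.

```python
import plistlib
import tempfile
from pathlib import Path

def audit_bundle(app: Path) -> dict:
    """Findings for one .app directory (standard Contents/ layout assumed)."""
    contents = app / "Contents"
    info = contents / "Info.plist"
    finding = {"bundle": app.name, "has_info_plist": info.is_file(),
               "bundle_id": None, "script_executables": [], "suspicious": False}
    if finding["has_info_plist"]:
        try:
            with info.open("rb") as fh:
                finding["bundle_id"] = plistlib.load(fh).get("CFBundleIdentifier")
        except Exception:  # a malformed plist is itself worth a closer look
            finding["suspicious"] = True
    macos = contents / "MacOS"
    if macos.is_dir():
        for exe in macos.iterdir():
            if exe.is_file():
                with exe.open("rb") as fh:
                    # A leading "#!" means an interpreter script, not a Mach-O binary
                    if fh.read(2) == b"#!":
                        finding["script_executables"].append(exe.name)
    # The CVE-2021-30657 shape: script-based executable and no Info.plist
    if finding["script_executables"] and not finding["has_info_plist"]:
        finding["suspicious"] = True
    return finding

def audit_directory(root: Path) -> list:
    """Audit every *.app bundle directly under root (e.g. /Applications)."""
    return [audit_bundle(p) for p in sorted(root.glob("*.app")) if p.is_dir()]

def demo() -> dict:
    """Constructed sample bundles: one well-formed, one missing Info.plist."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "Good.app" / "Contents"
        (good / "MacOS").mkdir(parents=True)
        with (good / "Info.plist").open("wb") as fh:
            plistlib.dump({"CFBundleIdentifier": "com.example.good",
                           "CFBundleExecutable": "Good"}, fh)
        (good / "MacOS" / "Good").write_bytes(b"#!/bin/sh\necho hello\n")
        bad = Path(tmp) / "NoPlist.app" / "Contents" / "MacOS"
        bad.mkdir(parents=True)
        (bad / "NoPlist").write_bytes(b"#!/bin/sh\necho hello\n")
        return {f["bundle"]: f for f in audit_directory(Path(tmp))}

if __name__ == "__main__":
    for name, f in demo().items():
        print(name, "SUSPICIOUS" if f["suspicious"] else "ok", f)
```

Pointing `audit_directory` at a real `/Applications` folder lists which bundles would be launched through the script path without an Info.plist, which is the condition worth triaging.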
What do you think of these statements by Wardle about macOS malware attacks? Let us know below in the comments. Don't forget to follow us on our Instagram page and stay connected on tuttotek.