
MacOS Malware Attacks: Slipping through the cracks

Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from neglected bits of code.

Patrick Wardle, founder of the Objective-See Foundation and a leading iOS and macOS security researcher, spoke Monday about macOS threats at RSA Conference 2022 in San Francisco.

Wardle told attendees that the vulnerabilities attackers need to compromise a Mac often do not come from tireless reverse engineering of apps and code, but rather from simply working in the tech giant's blind spots.

To illustrate his point, Wardle pointed to two vulnerabilities, CVE-2021-30657 and CVE-2021-30853, neither of which stemmed from a technical software flaw in the macOS operating system; both were loopholes in the operating system's logic that allowed applications to do things they shouldn't.

Wardle’s statements

Wardle explained:

From the point of view of the Finder and the system, it is an application. Since an info.plist file was missing.

In the case of CVE-2021-30657, an attacker would be able to bypass the security checks normally supplied by Apple simply by leaving out a single file. Wardle found that when certain types of applications do not contain the info.plist, they are not subject to the scanning tools that Apple normally uses to exclude malicious apps.

The problem lay in the way macOS handled script-based applications. When built without the info.plist file, an application is launched by secondary tooling that does not perform the normal security checks.

As a result, macOS malware could potentially run on a system without being caught by Apple's security tools and controls. Wardle noted that CVE-2021-30657 was exploited in the wild as a zero-day vulnerability last year. CVE-2021-30853, likewise, was based on an issue in how macOS checks applications at launch.

With this defect, an attacker would be able to tinker with an application's script path so that Apple's security extensions leave key variables set to null. When those variables are null, the checks that determine whether an application is authorized and safe to run are not executed and, as a result, the malware could potentially slip through.
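As an added illustration of the first flaw (this is example code, not code from the article, from Wardle or from Objective-See), the Python triage helper below walks a directory tree and flags app bundles shaped like the CVE-2021-30657 case: a script as the main executable under Contents/MacOS with no Contents/Info.plist beside it. The function names, the constructed sample bundles and the shebang/Mach-O magic-byte heuristics are this example's own assumptions.

```python
import tempfile
from pathlib import Path

# Added triage example (not code from the article or Objective-See): flag app
# bundles shaped like the CVE-2021-30657 case, a script-based app with no Info.plist.

def _is_script(path: Path) -> bool:
    """True if the file begins with a '#!' shebang, i.e. a script rather than a Mach-O binary."""
    try:
        with path.open("rb") as f:
            return f.read(2) == b"#!"
    except OSError:
        return False

def inspect_bundle(bundle: Path) -> dict:
    """Report whether a .app has Contents/Info.plist and which of its executables are scripts."""
    contents = bundle / "Contents"
    macos = contents / "MacOS"
    executables = [p for p in macos.iterdir() if p.is_file()] if macos.is_dir() else []
    return {
        "bundle": str(bundle),
        "has_info_plist": (contents / "Info.plist").is_file(),
        "script_executables": sorted(p.name for p in executables if _is_script(p)),
    }

def find_suspect_bundles(root: Path) -> list:
    """Return reports for every .app under root whose main executable is a script but lacks Info.plist."""
    suspects = []
    for bundle in sorted(root.rglob("*.app")):
        report = inspect_bundle(bundle)
        if report["script_executables"] and not report["has_info_plist"]:
            suspects.append(report)
    return suspects

def build_sample_tree(root: Path) -> None:
    """Constructed sample data: one well-formed bundle and one shaped like the bypass case."""
    good = root / "Good.app" / "Contents"
    (good / "MacOS").mkdir(parents=True)
    (good / "Info.plist").write_text("<plist/>")
    (good / "MacOS" / "Good").write_bytes(b"\xcf\xfa\xed\xfe")  # Mach-O 64-bit magic bytes
    bad = root / "Suspect.app" / "Contents" / "MacOS"
    bad.mkdir(parents=True)
    (bad / "Suspect").write_text("#!/bin/sh\necho hi\n")  # script, with no Info.plist beside it

def demo() -> list:
    """Build the sample tree in a temp dir and return the suspect reports (expected: Suspect.app only)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        return find_suspect_bundles(Path(tmp))
```

On a real system, point find_suspect_bundles at /Applications or a downloads folder and review each hit by hand; a hit is a reason to look closer, not proof of malice.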

What do you think of these statements by Wardle about MacOS malware attacks? Let us know below in the comments. Don’t forget to follow us on our Instagram page and stay connected on tuttotek.

Published by
Marco Dellapina
