MacBooks face serious malware risk — update to macOS Big Sur 11.3 ASAP

macOS Big Sur review
(Image credit: Laptop Mag)

MacBook owners are scrambling to update their laptops to macOS Big Sur 11.3 after security researcher Cedric Owens discovered a malicious software bug that slips through macOS' security defenses.

This vicious security vulnerability ravaged Mac devices for months before Apple released a patch this week that obstructs the harmful, intrusive software (via TechCrunch).

Unknown macOS bug labeled as "most impactful" malware in recent history

Apple is known for running a tight ship with its macOS software security defenses, but somehow, an unknown software bug managed to bypass macOS protections such as File Quarantine, Gatekeeper and app notarization requirements. The exploit lets hackers take control of victims' computers.

macOS warning

Example of macOS warning prompt (Image credit: Apple)

Owens told TechCrunch that the macOS software vulnerability allowed him to hack into users' systems using an innocuous-looking file. "All the user would need to do is double click — and no macOS prompts or warnings are generated." 

Owens proved his case by creating a proof-of-concept app that masqueraded as an innocent document; he demonstrated that he could remotely launch the Calculator app using the macOS exploit. With this bug, malicious actors could do much worse (e.g. remotely access users' private data).

"This is likely the worst or potentially the most impactful bug to everyday macOS users [in recent memory]," Patrick Wardle, a macOS cybersecurity expert, told Motherboard. Wardle, by the way, discovered the first M1-based malware strain dubbed "Silver Sparrow."

Best Laptops of the Year

M1 Macbook (Image credit: Laptop Mag)

Owens reported the malicious software bug to Apple on March 25. On Monday, Apple addressed the issue with macOS version 11.3, which updates XProtect, macOS' built-in security feature, to detect the exploit Owens discovered.

Although Apple patched the security bug, Wardle isn't letting Apple off the hook that easily. He told Forbes that the vulnerability "undermines so much of Apple's security efforts. Clearly this code was never audited."

Macs don't suffer the same level of cybersecurity threats as Windows, but these security flaws are a grave reminder that MacBooks are not immune to intrusive, harmful software.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!