MacBook owners are scrambling to update their laptops to macOS Big Sur 11.3 after security researcher Cedric Owens discovered a malicious software bug that slips through macOS' security defenses.
This vicious security vulnerability ravaged Mac devices for months before Apple released a patch this week that obstructs the harmful, intrusive software (via TechCrunch).
- Nasty MacBook with M1 malware could steal your cryptocurrency
- Apple's M1 laptops face their first malware threat
- Best VPN services of 2021
Unknown macOS bug labeled as "most impactful" malware in recent history
Apple is known for running a tight ship with its macOS software security defenses, but somehow, an unknown software bug managed to bypass macOS protections such as File Quarantine, Gatekeeper and app notarization requirements. The exploit lets hackers take control of victims' computers.
Owens told TechCrunch that the macOS software vulnerability allowed him to hack into users' systems using an innocuous-looking file. "All the user would need to do is double click — and no macOS prompts or warnings are generated."
Owens proved his case by creating a proof-of-concept app that masqueraded as an innocent document; he demonstrated that he could remotely launch the Calculator app using the macOS exploit. With this bug, malicious actors could do much worse (e.g. remotely access users' private data).
"This is likely the worst or potentially the most impactful bug to everyday macOS users [in recent memory]," Patrick Wardle, a macOS cybersecurity expert, told Motherboard. Wardle, by the way, discovered the first M1-based malware strain dubbed "Silver Sparrow."
Owens reported the malicious software bug to Apple on March 25. On Monday, Apple addressed the issue with macOS version 11.3, which updates XProtect, macOS' built-in security feature, to detect the exploit Owens discovered.
Although Apple patched the security bug, Wardle isn't letting Apple off the hook that easily. He told Forbes that the vulnerability "undermines so much of Apple's security efforts. Clearly this code was never audited."
Macs don't suffer the same level of cybersecurity threats as Windows, but these security flaws are a grave reminder that MacBooks are not immune to intrusive, harmful software.