
MacBooks face serious malware risk — update to macOS Big Sur 11.3 ASAP


MacBook owners are scrambling to update their laptops to macOS Big Sur 11.3 after security researcher Cedric Owens discovered a software bug that lets malicious software slip through macOS' security defenses.

This vicious security vulnerability ravaged Mac devices for months before Apple released a patch this week that obstructs the harmful, intrusive software (via TechCrunch).

Unknown macOS bug labeled as "most impactful" in recent history

Apple is known for running a tight ship with its macOS software security defenses, but somehow, an unknown software bug managed to bypass macOS protections such as File Quarantine, Gatekeeper and app notarization requirements. The exploit lets hackers take control of victims' computers.

Example of macOS warning prompt (Image credit: Apple)

Owens told TechCrunch that the macOS software vulnerability allowed him to hack into users' systems using an innocuous-looking file. "All the user would need to do is double click — and no macOS prompts or warnings are generated." 

Owens proved his case by creating a proof-of-concept app that masqueraded as an innocent document; he demonstrated that he could remotely launch the Calculator app using the macOS exploit. With this bug, malicious actors could do much worse (e.g. remotely access users' private data).

"This is likely the worst or potentially the most impactful bug to everyday macOS users [in recent memory]," Patrick Wardle, a macOS cybersecurity expert, told Motherboard. Wardle, by the way, discovered the first M1-based malware strain dubbed "Silver Sparrow."


Owens reported the bug to Apple on March 25. On Monday, Apple addressed the issue with macOS version 11.3, which also updates XProtect, macOS' built-in security feature, to detect the exploit Owens discovered.

Although Apple patched the security bug, Wardle isn't letting Apple off the hook that easily. He told Forbes that the vulnerability "undermines so much of Apple's security efforts. Clearly this code was never audited."

Macs don't suffer the same level of cybersecurity threats as Windows, but these security flaws are a grave reminder that MacBooks are not immune to intrusive, harmful software.