Tag Archive for: MacOS

A Single Flaw Broke Every Layer of Security in MacOS


Every time you shut down your Mac, a pop-up appears: “Are you sure you want to shut down your computer now?” Nestled under the prompt is another option most of us likely overlook: the choice to reopen the apps and windows you have open now when your machine is turned back on. Researchers have now found a way to exploit a vulnerability in this “saved state” feature—and it can be used to break the key layers of Apple’s security protections.

The vulnerability is a process injection flaw that can be used to break macOS security; it could allow an attacker to read every file on a Mac or take control of the webcam, says Thijs Alkemade, a security researcher at Netherlands-based cybersecurity firm Computest who found the flaw. “It’s basically one vulnerability that could be applied to three different locations,” he says.

After deploying the initial attack against the saved state feature, Alkemade was able to move through other parts of the Apple ecosystem: first escaping the macOS sandbox, which is designed to contain a successful hack to the single compromised app, and then bypassing System Integrity Protection (SIP), a key defense designed to stop unauthorized code from accessing sensitive files on a Mac.

Alkemade—who is presenting the work at the Black Hat conference in Las Vegas this week—first found the vulnerability in December 2020 and reported the issue to Apple through its bug bounty scheme. He was paid a “pretty nice” reward for the research, he says, although he declines to say how much. Since then Apple has issued two updates to fix the flaw, first in April 2021 and again in October 2021.

When asked about the flaw, Apple said it did not have any comment prior to Alkemade’s presentation. The company’s two public updates about the vulnerability are light on detail, but they say the issues could allow a malicious app to leak sensitive user information and to escalate privileges so that an attacker can move through the system.

Apple’s changes can also be seen in Xcode, the company’s development environment for app creators, according to a blog post by Alkemade describing the attack. The researcher says that while Apple fixed the issue for Macs running the Monterey operating system,…

Source…

Chinese malware hides in App Store apps for macOS


A Chinese publisher has managed to slip past Apple’s review process and get malicious applications accepted onto the App Store for macOS.

Apple leans heavily on the security of the App Store, its application store, in its messaging, using it to justify an ecosystem that is more closed than Android or Windows. But even Apple is not infallible and can overlook threats. That is the finding of a report by Alex Kleber, a cybersecurity researcher, who identified several malicious Chinese apps on the macOS App Store.

The investigation uncovered seven different Apple developer accounts that actually belong to a single China-based publisher. This publisher’s applications contain hidden malicious code that receives commands from a remote server. The code stays dormant during review and is only activated, via those commands, once the application is live on the App Store, which is how it gets past Apple’s security checks.

Investigation report about the abuse of the Mac App store

Using this technique, the developer can even change the interface of the application entirely, so the app that Apple validated bears no resemblance to the one that users ultimately download and install. To make them harder to trace, all communication goes through domains that use services such as Cloudflare and GoDaddy, which hides the actual hosting provider.

One of the applications is a PDF reader that has been downloaded countless times from the App Store for macOS in the United States, making it one of the most-installed apps. The app requires a paid subscription, even though it offers the same features as any regular free PDF reader, or sometimes does not work at all.

To make the app appear legitimate and encourage users to download it, it is drowned in fake positive reviews, which bury the genuine reviews denouncing it. Since the report’s release, Apple has responded by removing many of the fake reviews of these apps, and some of the apps are no longer available on the App Store at all.

Source…

Android Vs Windows Vs macOS


According to Apple Insider, more than 34 million new malware samples have been discovered so far in 2022. A report from “Atlas data” finds that in 2022 malware developers have been creating more than 316,000 new malware threats every day. The team’s figures are based on an analysis of data from the independent antivirus and security vendor AV-Test GmbH. Windows is by far the most targeted platform, and Google’s Android receives more new malware than macOS.

January saw the largest number of new malware samples, with 11.41 million registered in the first month of 2022. February brought 8.93 million and March 8.77 million, for a total of 29.11 million new malware threats by the end of the first quarter. By this count, at least 5.65 million more new malware samples were discovered in April.

As for the breakdown between platforms, Microsoft Windows accounted for 25.48 million new malware samples in 2022. Android accounted for only 536,000, a surprisingly low figure, as we expected the number to be much higher. macOS had the fewest malware samples in 2022: the report counts only about 2,000 new samples.

Despite the relative rarity of macOS malware, Apple has still called the level of threats on the platform “unacceptable” compared to iOS. Vulnerabilities and exploits are not unheard of on iOS, but they are rarer than on macOS. The prevalence of malware on competing platforms such as Android and Windows has been at the heart of Apple’s arguments against opening up its platforms: the company has repeatedly argued that opening its system in the way U.S. and European Union antitrust proposals demand could cause real harm to user privacy and security.

Microsoft Windows 11 Android Subsystem Update

Microsoft has updated the Windows Subsystem for Android (WSA) on Windows 11 to version 2204.40000.15.0. The Android version inside it is now Android 12.1, also known as Android 12L. As a result, Android apps are better integrated with Windows, and you can now see which apps are using your microphone. Users can also see information on private information like…

Source…

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws


Sometimes all it takes to root out a new software vulnerability is to study and analyze previous bug reports. That’s how researcher Csaba Fitzl says he sniffed out some new Apple macOS vulnerabilities, one of which was a mirror image of a logic flaw that a group of researchers competing in the 2020 Pwn2Own contest found and executed there.

Fitzl, a content developer for Offensive Security, says he reread and studied the six-exploit chain that the winning researchers used to hack macOS. One of the exploits in that chain weaponized a privilege escalation bug, which Apple later fixed. But there was still a hole, and he found it: “Although Apple fixed it properly, but still there was an extra function … that basically opened up another vulnerability to be utilized a bit differently than the original one,” Fitzl explains.

The original flaw, which Apple fixed, allowed an attacker to change the ownership of a directory in macOS. But Fitzl discovered that he could still create a new directory on the targeted system, which could allow an attacker to escalate their privileges on macOS. “Although you had to use different techniques to get through to the system, but because you could create an arbitrary directory anywhere on the system, you could elevate your privileges to root,” he says.

It was basically the same logic flaw but in a different piece of the code. Apple has since patched the vulnerability Fitzl found as well.

This week at Black Hat Singapore, Fitzl will share technical details of this and two other vulnerabilities he found while drilling down on previous vulnerability research on macOS, in a session entitled “macOS Vulnerabilities Hiding in Plain Sight.”

Apple had not responded to a request for comment as of this posting.

‘Something Is Not Right’
Fitzl says he didn’t actually spot traces of the new flaws linked to previous research until after he reread the research papers. “At some point it hit me that there is something not right. It turned out that there is a vulnerability not like the one initially documented,” he explains of his findings. “That eventually led me to find or identify new vulnerabilities.”

The other two flaws he found include one that built upon research from Mickey Jin, who…

Source…