Critical vulnerabilities of MacOS Mojave are actively exploited by hackers.
Cybercriminals are actively exploiting a vulnerability in macOS Mojave that bypasses Gatekeeper, the technology that allows only trusted software to run.
Gatekeeper treats external media and network file resources as safe and allows any application from those resources to launch without checking its signature.
Two other features of macOS are also used to exploit the vulnerability:
- autofs and the “/net/*” paths allow users to automatically mount network file resources simply by accessing a path that starts with “/net/”. For example, listing an NFS resource: ls /net/evil-resource.net/shared/.
- zip archives can contain symbolic links, which lead to automounting when the archive is unpacked on the target system.
Together, these allow the following attack scenario for bypassing Gatekeeper.
The attacker creates a zip archive containing a symbolic link to a resource he controls and sends it to the victim. The victim unpacks the archive, which causes the attacker's resource to be mounted and treated as a "trusted" resource. The attacker-controlled resource hosts a *.app application, which, with the standard settings of the Files file manager, is displayed as a local directory or another harmless object, because the .app extension is hidden and the full path to the resource is not displayed.
Details were published by a month ago, which allowed attackers to create malicious software and actively exploit it.
MacOS users should refrain from installing applications or downloading files from questionable sources.
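A defensive check for the archive trick described above, as an added example that is not part of the original article: it inspects a zip archive before extraction and reports symbolic-link entries whose target lies under the “/net/” automount root. The function names and the sample archive are constructed for this illustration; only the “/net/evil-resource.net/shared/” path comes from the article.

```python
import io
import posixpath
import stat
import zipfile

AUTOMOUNT_ROOTS = ("net",)  # assumption: only the /net/ root named in the article


def link_reaches_automount(target, roots=AUTOMOUNT_ROOTS):
    """True if a symlink target is, or could resolve to, /net/<host>/..."""
    norm = posixpath.normpath(target)
    parts = [p for p in norm.split("/") if p]
    climbed = False
    while parts and parts[0] == "..":  # relative link climbing out of the extraction dir
        parts.pop(0)
        climbed = True
    escapes = norm.startswith("/") or climbed
    return escapes and len(parts) >= 2 and parts[0] in roots


def find_automount_symlinks(zip_bytes):
    """Return [(entry name, link target)] for symlink entries aimed at an automount root."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16  # Unix mode is stored in the high 16 bits
            if stat.S_ISLNK(mode):
                # For a symlink entry, the file data is the link target
                target = zf.read(info).decode("utf-8", "replace")
                if link_reaches_automount(target):
                    hits.append((info.filename, target))
    return hits


def build_sample_zip():
    """Constructed in-memory sample: a regular file, a benign link, a /net/ link."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Documents/readme.txt", "hello")
        for name, target in (("Documents/latest", "readme.txt"),
                             ("Documents/shared", "/net/evil-resource.net/shared/")):
            info = zipfile.ZipInfo(name)
            info.create_system = 3  # mark the entry as created on Unix
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, target)
    return buf.getvalue()


if __name__ == "__main__":
    for name, target in find_automount_symlinks(build_sample_zip()):
        print(f"suspicious symlink: {name} -> {target}")
```

Relative targets are flagged only when they climb out of the extraction directory with “..”, so ordinary links between files inside the archive are not reported.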