Unpatched macOS Mojave Vulnerability Now Being Exploited In The Wild
You might recall that I told you about a macOS Mojave vulnerability in which there is a way to bypass the Gatekeeper security functionality of macOS. The bug, disclosed by Filippo Cavallarin, works because Gatekeeper treats network shares as trusted locations and will launch anything on them without the usual checks, while the macOS automounter will mount any NFS export an attacker chooses simply because something accesses a path under /net/. A downloaded archive containing a symbolic link to such a path is all it takes to get an unchecked app onto the victim's Mac. And what's worse is that even though this was demonstrated to be exploitable, Apple stopped responding to the emails of the person who discovered it. Not only that, it remains unpatched in macOS Mojave 10.14.5.
Now it appears to be exploited in the wild. Security company Intego says it has discovered the first samples that use this vulnerability:
Early last week, Intego’s malware research team discovered the first known uses of Cavallarin’s vulnerability, which seem to have been used—at least at first—as a test in preparation for distributing malware.
And:
It seems that malware makers were experimenting to see whether Cavallarin’s vulnerability would work with disk images, too.
The disk image files were either an ISO 9660 image with a .dmg file name, or an actual Apple Disk Image format .dmg file, depending on the sample. Normally, an ISO image has a .iso or .cdr file name extension, but .dmg (Apple Disk Image) files are much more commonly used to distribute Mac software. (Incidentally, several other Mac malware samples have recently been using the ISO format, possibly in a weak attempt to avoid detection by anti-malware software.)
Intego observed four samples that were uploaded to VirusTotal on June 6, seemingly within hours of the creation of each disk image, that all linked to one particular application on an Internet-accessible NFS server.
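The samples Intego describes carry a .dmg name but some are really ISO 9660 images, so a check that trusts the extension will misclassify them. The following Python script is an added example written for this page, not Intego's tooling or anything from the original post: it identifies the container by content, using the ISO 9660 volume descriptor at sector 16 and the 512-byte "koly" trailer of a UDIF Apple Disk Image, and flags the extension/content mismatch. The sample blobs are constructed in the script (they are not malware), and the UDIF check only recognises the koly-trailer format; older raw read/write disk images have no such trailer and will be reported as unknown.

```python
"""Classify a disk image by content, not by file name extension.

Added example for this page (not Intego's code). Layouts used:
  ISO 9660: volume descriptor at sector 16 (offset 0x8000), type byte 1,
            identifier "CD001", version byte 1.
  UDIF .dmg: 512-byte trailer at end of file starting with "koly",
             version 4, header size 512 (big-endian).
"""
import os
import struct

ISO_PVD_OFFSET = 0x8000        # sector 16 of a 2048-byte-sector image
ISO_MAGIC = b"CD001"           # standard identifier in ISO 9660 descriptors
UDIF_TRAILER_SIZE = 512        # size of the 'koly' block
UDIF_MAGIC = b"koly"


def is_iso9660(data: bytes) -> bool:
    """True if a primary volume descriptor with 'CD001' sits at sector 16."""
    if len(data) < ISO_PVD_OFFSET + 7:
        return False
    desc = data[ISO_PVD_OFFSET:ISO_PVD_OFFSET + 7]
    # byte 0: descriptor type (1 = primary); bytes 1..5: "CD001"; byte 6: version 1
    return desc[0] == 1 and desc[1:6] == ISO_MAGIC and desc[6] == 1


def is_udif_dmg(data: bytes) -> bool:
    """True if the file ends with a well-formed UDIF 'koly' trailer."""
    if len(data) < UDIF_TRAILER_SIZE:
        return False
    trailer = data[-UDIF_TRAILER_SIZE:]
    if trailer[:4] != UDIF_MAGIC:
        return False
    version, header_size = struct.unpack(">II", trailer[4:12])
    return version == 4 and header_size == UDIF_TRAILER_SIZE


def classify_image(data: bytes) -> str:
    """Return 'udif-dmg', 'iso9660' or 'unknown' based on content alone."""
    if is_udif_dmg(data):
        return "udif-dmg"
    if is_iso9660(data):
        return "iso9660"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """Flag the trick Intego described: ISO 9660 content behind a .dmg name."""
    ext = os.path.splitext(filename)[1].lower()
    return ext == ".dmg" and classify_image(data) == "iso9660"


# Constructed samples (not real files): the minimum bytes each check looks at.
def build_fake_iso() -> bytes:
    buf = bytearray(ISO_PVD_OFFSET + 2048)
    buf[ISO_PVD_OFFSET] = 1                                  # primary volume descriptor
    buf[ISO_PVD_OFFSET + 1:ISO_PVD_OFFSET + 6] = ISO_MAGIC   # "CD001"
    buf[ISO_PVD_OFFSET + 6] = 1                              # version
    return bytes(buf)


def build_fake_dmg() -> bytes:
    trailer = bytearray(UDIF_TRAILER_SIZE)
    trailer[:4] = UDIF_MAGIC
    struct.pack_into(">II", trailer, 4, 4, UDIF_TRAILER_SIZE)  # version 4, size 512
    return b"\0" * 4096 + bytes(trailer)


if __name__ == "__main__":
    for name, blob in (("installer.dmg", build_fake_iso()),
                       ("installer.dmg", build_fake_dmg())):
        verdict = "MISMATCH" if extension_mismatch(name, blob) else "ok"
        print(f"{name}: {classify_image(blob)} -> {verdict}")
```

To run it against a real download, replace the constructed blobs with `open(path, "rb").read()`; for large images you only need the first 0x8007 bytes and the last 512, so a full read is unnecessary in practice.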
Clearly the people behind this were testing the technique in preparation for a larger attack at some later date. That is very bad news. With the bug still unpatched, a lot of Macs are exposed to an attack that is clearly inbound, and you have to wonder what Apple is going to do to address it quickly.
In the meantime, with Apple taking no meaningful action, users will have to protect themselves. That means running some sort of anti-virus app and only downloading apps from trusted sources such as the App Store. That's good advice in general, but it's absolutely crucial given the potential damage this unpatched vulnerability could cause. Keep in mind that the Gatekeeper warning you would normally see when opening a downloaded app is exactly what this bypass suppresses, so the lack of a warning tells you nothing about whether an app is safe. Cavallarin's published workaround is to disable the /net automount: as root, comment out the line beginning with /net in /etc/auto_master and reboot. That closes the trigger path until Apple ships a fix.
This entry was posted on June 25, 2019 at 9:38 am and is filed under Commentary with tags Apple.