Unpatched macOS Mojave Vulnerability Now Being Exploited In The Wild

You might recall that I told you about a macOS Mojave vulnerability in which there is a way to bypass the Gatekeeper security functionality of macOS. And what’s worse is that even though this was demonstrated to be exploitable, Apple stopped responding to the emails of the person who discovered it. Not only that, it remains unpatched in macOS Mojave 10.14.5.

Now it appears that this is now being exploited in the wild. Security company Intego now says that it has discovered an example of this vulnerability being exploited:

Early last week, Intego’s malware research team discovered the first known uses of Cavallarin’s vulnerability, which seem to have been used—at least at first—as a test in preparation for distributing malware.


It seems that malware makers were experimenting to see whether Cavallarin’s vulnerability would work with disk images, too.

The disk image files were either an ISO 9660 image with a .dmg file name, or an actual Apple Disk Image format .dmg file, depending on the sample. Normally, an ISO image has a .iso or .cdr file name extension, but .dmg (Apple Disk Image) files are much more commonly used to distribute Mac software. (Incidentally, several other Mac malware samples have recently been using the ISO format, possibly in a weak attempt to avoid detection by anti-malware software.)

Intego observed four samples that were uploaded to VirusTotal on June 6, seemingly within hours of the creation of each disk image, that all linked to one particular application on an Internet-accessible NFS server.

Clearly the people behind this were trying this out in preparation for a larger attack of some sort at some later date. That’s very, very bad. And the fact that Apple has left this unpatched means that a lot of Macs are at risk of an attack that is clearly inbound. Thus you have to wonder what Apple is going to do to address this quickly.

In the meantime, users in the absence of Apple taking any meaningful action to protect their users from this threat will have to protect themselves. Meaning that you should have some sort of anti-virus app in place and only download apps from trusted sources such as the App Store. That’s good advice in general. But it’s absolutely crucial given the potential damage that this unpatched vulnerability could cause.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: