The ‘Worst Hack In Years’ Hits Apple Computers


Protect Your Access to the Internet

Apple Mac users are being urged to update their macOS software now, as they’re at “grave risk” of hackers exploiting what’s been described as one of the worst vulnerabilities to affect the tech giant’s computers in years. Malware that takes advantage of the bug has been hitting Macs since at least January, making patching all the more urgent.

The hacks effectively take Mac security back a decade, according to Patrick Wardle, a former NSA analyst and a macOS security expert, who described it as one of the worst security issues to have ever hit the Apple operating system. Malicious hackers can and have created malware that, though unsigned, is misclassified by Apple’s operating system, thanks to a logic error in macOS’ code. That means malware can skip all the checks done by Apple’s security mechanisms like Gatekeeper and File Quarantine, which are designed to stop any unapproved, dangerous apps from running.

There’s one caveat: The hackers have to convince a user to download or run an app that’s not in the App Store or allowed by Apple. But once that’s done, the malware won’t be stopped installing by the Mac’s defensive tools, though macOS should stop any changes to critical system files and ask the user if the app can access photos, the mic or other systems. For anyone still running an unpatched macOS, Wardle’s advice was simple: “Don’t open anything from anybody.”

It affects all recent versions of macOS but Apple has released a patch that prevents the attacks. Version Big Sur 11.3 is available now and contains other fixes besides addressing this bug.

To Wardle, it’s startling Apple ever shipped the code in the first place. “it undermines so much of Apple’s security efforts. Clearly this code was never audited,” he told Forbes. “It’s trivial to weaponize 100% reliably.”

An Apple spokesperson said the company has now addressed the issue in macOS 11.3 and updated XProtect, its malware detection, to block the malware using this technique. That XProtect update will…