Apple macOS users have been urged to update their Macs to protect against a zero-day vulnerability that attackers have been exploiting since at least January.
The flaw allows hackers to bypass a set of macOS security protections and deploy malware on affected machines. It may be one of the worst vulnerabilities to hit Apple computers in years.
Security researcher Cedric Owens identified the bug in March, noting that it affects "all recent versions of macOS," from macOS 10.15 Catalina, released in October 2019, through macOS 11.2 Big Sur.
Normally, macOS security mechanisms such as Gatekeeper and File Quarantine block malicious files and unsigned software from being installed on a Mac. However, Owens discovered that this zero-day flaw allows those protections to be circumvented: an attacker can craft a malicious file that, when clicked, executes without the usual macOS security warning.
Owens attributed this to a logic error in the macOS code that caused the system to misclassify the malware, creating a way around Apple's defenses.
As we have previously noted, such "Trojan horse" apps play a key role in handing malware the keys to the machine.
We have seen crypto-casinos planted in seemingly harmless children's apps in the App Store, not to mention the recent news of a fake Netflix app that spread malware to Android phones.
In short, apps are attractive to scammers: if they can convince users to download or run an app that is not in the App Store, or wedge one in among other App Store apps so that it looks legitimate, it gives them an easy entry point into users' machines. This is where built-in security measures come into play, essentially protecting users from themselves.
This time, Owens discovered that Gatekeeper was unable to properly check certain scripts in an app. He used a tool called Appify, which in 2011 provided a legitimate way around Gatekeeper's checks by letting developers create basic apps from nothing but scripts.
Owens took his knowledge of these past vulnerabilities and built a test program that hid malware in seemingly harmless documents.
Owens's test app got past the latest macOS software even with Gatekeeper on its most stringent security setting. No warnings were issued, and the malware gave Owens remote control of the Mac, bypassing Apple's defenses.
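As an added defender-side example (not the article's or Owens's code; the bundle layout checked and the sample fixture are my own assumptions), the script below triages downloaded .app bundles for the shape the article describes, a bundle whose only executable is a script of the kind Appify builds rather than a compiled binary, and reports whether File Quarantine's attribute is present on it:

```python
import platform
import subprocess
import tempfile
from pathlib import Path

QUARANTINE_XATTR = "com.apple.quarantine"  # set by File Quarantine on downloaded files
# Mach-O magic values (32/64-bit, either byte order) plus the fat/universal header.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca"}

def executable_kind(path: Path) -> str:
    """Classify an executable by its first bytes: compiled Mach-O, script, or unknown."""
    with open(path, "rb") as f:
        head = f.read(4)
    if head in MACHO_MAGICS:
        return "mach-o"
    if head.startswith(b"#!"):
        return "script"
    return "unknown"

def quarantine_flag(path: Path):
    """True/False on macOS (read with the xattr tool); None on other platforms."""
    if platform.system() != "Darwin":
        return None
    r = subprocess.run(["xattr", "-p", QUARANTINE_XATTR, str(path)], capture_output=True)
    return r.returncode == 0  # xattr exits non-zero when the attribute is absent

def triage_bundle(app: Path) -> dict:
    """Summarise one .app bundle. A script-only executable is the Appify-style shape."""
    contents = app / "Contents"
    macos_dir = contents / "MacOS"
    exes = sorted(p for p in macos_dir.iterdir() if p.is_file()) if macos_dir.is_dir() else []
    return {
        "bundle": app.name,
        "has_info_plist": (contents / "Info.plist").is_file(),  # a normal bundle declares its executable here
        "executable_kind": executable_kind(exes[0]) if exes else "missing",
        "quarantined": quarantine_flag(app),
    }

def build_sample_bundle(root: Path, name: str = "Sample.app") -> Path:
    """Constructed test fixture (hypothetical): a bundle whose only executable is a shell script."""
    exe_dir = root / name / "Contents" / "MacOS"
    exe_dir.mkdir(parents=True)
    (exe_dir / "Sample").write_text("#!/bin/sh\necho 'hello from a script-only app'\n")
    return root / name

if __name__ == "__main__":
    demo = build_sample_bundle(Path(tempfile.mkdtemp()))
    print(triage_bundle(demo))  # executable_kind == "script", has_info_plist == False
```

Run it on macOS to read the quarantine attribute; on other platforms that field is None. It is a triage heuristic for spotting script-only bundles, not a substitute for Gatekeeper; the fix remains the 11.3 update.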
A tweet from Mac security researcher Patrick Wardle shows the attack in an animated GIF: the Calculator app pops up, meaning the remote attacker has full control of the machine. (Wardle also wrote a detailed blog post on how this flaw can be exploited.)
Owens immediately informed Apple of the bug. Cupertino released macOS Big Sur 11.3 yesterday (April 26) with a patch that squashes it, along with several other fixes.
The macOS Big Sur 11.3 update is free to download on all eligible Macs via the Software Update section of System Preferences.
If you are using a Mac, we recommend updating it as soon as possible. This is especially important because the zero-day flaw is being actively exploited.
Zero-day flaws tend to be discovered and patched before they are exploited. In this case, however, the bug is already being exploited by hackers.
Security firm Jamf Protect reports that the flaw has been actively exploited since January 9, 2021; Shlayer, a notorious piece of macOS malware, was the preferred attack vector for the cyber attackers who took advantage of this zero-day vulnerability.
Jamf's security team observed that this "exploit is being used in the wild by variants of the Shlayer adware dropper."
Like most attack vectors that deliver adware payloads, this malware was introduced to make money for the crooks through fake clicks and fake ad views.
Despite these findings, it is still unclear how many machines overall were affected.
Our advice, as always, is not to download anything from untrusted sources and to make sure your system is on the latest OS version. But even that is not always enough to deter sophisticated, determined hackers from trying to gain access to your system.