"Hackers Have Been Exploiting 'Dangerous' macOS Bug to Run Malware Campaign"

Hackers have found a way to evade the latest macOS protections. Apple has released macOS Big Sur 11.3, an update to the Mac operating system that addresses a flaw present in macOS Catalina 10.15 and macOS Big Sur. Exploiting this flaw could allow hackers to circumvent several of the mechanisms Apple has put in place to protect users from bad code, including Gatekeeper, File Quarantine, and the application notarization review process. According to Cedric Owens, the security researcher who originally discovered the flaw, all a user has to do is double-click a .dmg file when presented with a seemingly harmless document, and the hackers could then have remote access to the victim's machine. Owens has said that this is the most dangerous macOS phishing payload that they have encountered so far, as the victim only has to extract the .dmg or .zip file and double-click the payload. Gatekeeper and other macOS security mechanisms did not alert the user, thus providing no indication of malware infection. It has the potential to be the most impactful bug to everyday macOS users. The issue stemmed from a logic bug that allowed hackers to target users with malicious applications that evade Apple's methods for blocking bad applications. This article continues to discuss the macOS bug that hackers have been exploiting to run a malware campaign.

CyberScoop reports "Hackers Have Been Exploiting 'Dangerous' macOS Bug to Run Malware Campaign"
