KEY POINTS

  • The zero-day vulnerability allows hackers to bypass the macOS security system
  • Hackers are now taking advantage of the bug
  • Apple patched the bug in macOS Big Sur 11.3

macOS is reportedly facing a zero-day vulnerability, and devices running various versions of macOS, including the newer ones, are at risk. This previously unknown bug has allowed hackers to deploy malware on numerous computers, the researchers who discovered the flaw warned.

Here is what you need to know about the bug and how to keep your Apple computers protected.

Researchers confirmed the presence of a zero-day vulnerability on macOS-powered devices. The bug reportedly opens a pathway for security threats to enter the Mac system by allowing them to bypass the Apple device’s security protocol, Gizmodo reported.

Gatekeeper, File Quarantine and other macOS security features are supposed to block the download and installation of any malicious programs from the internet. However, the zero-day vulnerability provided a workaround that removed the security features’ ability to detect and block the hackers.

The threat actors then invade the affected macOS system by installing and deploying malware through software packages.

Researchers created their own test programs to see how the bug disables the protection of the macOS security protocols. Cedric Owens, a security researcher, hid a test program inside an innocuous-looking document and ran it through a macOS security program intended to verify whether a program came from a trusted developer. Surprisingly, the security program did not block the document with the hidden malicious program.

Gizmodo reported that hackers are taking advantage of the zero-day vulnerability by bypassing the macOS security protocols and entering the macOS system by prompting users to download and install a malicious software package.

Recent reports identified Shlayer malware as one of the threats exploiting the bug, Bleeping Computer reported. Shlayer is a commonly known malicious adware that targets macOS systems.

The now-patched zero-day vulnerability affects almost all versions of macOS. That includes macOS Catalina 10.15 to macOS Big Sur 11.2.

Apple recently patched the bug in macOS Big Sur 11.3. During an attempted attack, updated devices will receive a notification that the app cannot be opened and the developer cannot be identified. This means Mac users who update to the latest version of the operating system are free from the potential threat, Bleeping Computer reported.

In order to keep their Apple computers protected from the bug, macOS users should take extra caution when prompted to download and install any program or software package they are not sure about.
