
Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

Shlayer's creators have managed to get their malicious payloads through Apple's automated notarizing process before.

If they pass this automated security check, macOS apps are allowed by Gatekeeper—a macOS security feature that verifies if downloaded apps have been checked for known malicious content—to run on the system.

In the past, Shlayer also used a two-year-old technique to escalate privileges and disable macOS' Gatekeeper to run unsigned second-stage payloads in a campaign detected by Carbon Black’s Threat Analysis Unit.

Zero-day exploited in the wild to deploy malware

The Jamf Protect detection team discovered that, starting in January 2021, the Shlayer threat actors created unsigned and unnotarized Shlayer samples that began exploiting a zero-day vulnerability (tracked as CVE-2021-30657), discovered and reported to Apple by security engineer Cedric Owens.

As revealed by security researcher Patrick Wardle, this now-fixed bug takes advantage of a logic flaw in the way Gatekeeper checked whether app bundles were notarized to run on fully patched macOS systems.

Wardle added that 'this flaw can result in the misclassification of certain applications, and thus would cause the policy engine to skip essential security logic such as alerting the user and blocking the untrusted application.'

Unlike previous variants that required victims to right-click and then open the installer script, recent malware variants abusing this zero-day and distributed using poisoned search engine results and compromised websites can be launched by double-clicking.

Today, Apple has released a security update to fix the vulnerability in macOS Big Sur 11.3 and block malware campaigns actively abusing it.

Users are now alerted that malicious apps 'cannot be opened because the developer cannot be identified' and advised to eject the mounted disk image because it may contain malware.

The Shlayer macOS malware

Shlayer is a multi-stage trojan that attacked over 10% of all Macs, according to a Kaspersky report from January 2020.

Intego's research team spotted Shlayer for the first time in a malware campaign in February 2018, camouflaged as a fake Adobe Flash Player installer just as many other malware families targeting macOS users.

Unlike original variants, which were pushed via torrent sites, new Shlayer samples are now spread via fake update pop-ups shown on hijacked domains or clones of legitimate sites, or in far-reaching malvertising campaigns plaguing legitimate websites.

After infecting a Mac, Shlayer installs the mitmdump proxy software and a trusted certificate to analyze and modify HTTPS traffic, allowing it to monitor the victims' browser traffic or inject ads and malicious scripts in visited sites.

Even worse, this technique allows the malware to alter encrypted traffic, such as online banking and secure email.

While Shlayer's creators currently deploy only adware as a secondary payload, they can quickly switch to more dangerous payloads such as ransomware or wipers at any time.

One more zero-day exploited in the wild fixed today

Today, the company also fixed another WebKit Storage zero-day bug exploited in the wild, tracked as CVE-2021-30661 and impacting iOS and watchOS devices, by improving memory management.

The vulnerability allows attackers to execute arbitrary code after tricking targets into opening a maliciously crafted website on their devices.

The list of affected devices includes those running:

  • Apple Watch Series 3 and later
  • iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

In total, with today's security updates for macOS and iOS bugs exploited in the wild, Apple has addressed nine zero-days since November.

The company patched three other iOS zero-days—a remote code execution bug (CVE-2020-27930), a kernel memory leak (CVE-2020-27950), and a kernel privilege escalation flaw (CVE-2020-27932)—affecting iPhone, iPad, and iPod devices in November.

In January, Apple fixed a race condition bug in the iOS kernel (tracked as CVE-2021-1782) and two WebKit security flaws (tracked as CVE-2021-1870 and CVE-2021-1871).


Apple Mac users are being urged to update to macOS Big Sur 11.3, released today, which patches a “massively bad” vulnerability that could allow malware to bypass layered protections built into the operating system.

The bug was uncovered by security researcher Cedric Owens, who reported it to Apple.

In a long technical blog post, fellow security researcher Patrick Wardle said the bug “trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk” and that “malware authors are already exploiting it in the wild as an 0day”.

The bug was given the common vulnerabilities and exposures (CVE) reference CVE-2021-30657 in Apple security notes, where it is described as a “logic issue” that could allow “a malicious application [to] bypass Gatekeeper checks”.

Gatekeeper was introduced in OS X Lion (10.7) as an added layer of protection when users downloaded executables from the internet.

It is one of three such protections built into macOS, all of which are intended to alert users about files downloaded from the internet, and to prevent malware writers from tricking users into infecting their machines.

However, Wardle noted, the bug discovered by Owens allowed an attacker “to trivially and reliably bypass all of these foundational mitigations”, without generating any system prompts that would warn the user something was amiss.

A proof-of-concept showed an app could be disguised as a document and “allowed to launch with no prompts nor alerts”.


“Since 2007, Apple has sought to protect users from inadvertently infecting themselves if they are tricked into running such malicious code. This is a good thing as sure, users may be naive, but anybody can make mistakes,” Wardle wrote.

“Unfortunately due to subtle logic flaw in macOS, such security mechanisms were proven fully and 100 percent moot, and as such we’re basically back to square one.

“We started with an unsigned, unnotarised, script-based proof-of-concept application that could trivially and reliably sidestep all of macOS’s relevant security mechanisms (File Quarantine, Gatekeeper, and Notarization requirements) …even on a fully patched M1 macOS system.

“Armed with such a capability macOS malware authors could (and are) returning to their proven methods of targeting and infecting macOS users.”

Mac security firm Jamf said in a separate blog post that it had located Shlayer malware already exploiting the bug.

“To make the situation more urgent, the Jamf Protect detections team observed this exploit being used in the wild by a variant of the Shlayer adware dropper,” it said.

“The variant has been repackaged to use a format necessary for carrying out the Gatekeeper bypass vulnerability.

“The Jamf Protect detection team identified samples found to be abusing this vulnerability as early as January 9, 2021.

“Shlayer continues to reintroduce itself with innovative ways to infect macOS-based systems.”


Jamf said that when malware exploiting the bug is launched on computers running Big Sur 11.3, “the user will see a pop-up message stating that the software ‘cannot be opened because the developer cannot be identified.’

“Since the malicious application is not notarised or signed with a valid developer’s certificate, the message will prompt the user to eject the mounted DMG containing the app bundle,” it added.
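A triage check a defender could run over the contents of a mounted disk image, added here as an example and not taken from Jamf, Wardle or Apple: it lists app bundles whose executables are scripts, the "script-based" packaging the proof-of-concept is described as using. The function names and the sample bundles (`Install.app`, `Editor.app`) are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def script_executables(bundle):
    """Names of files in <bundle>/Contents/MacOS that begin with a '#!' line."""
    macos_dir = Path(bundle) / "Contents" / "MacOS"
    if not macos_dir.is_dir():
        return []
    hits = []
    for entry in sorted(macos_dir.iterdir()):
        if entry.is_file():
            with entry.open("rb") as fh:
                if fh.read(2) == b"#!":
                    hits.append(entry.name)
    return hits


def triage_volume(root):
    """Map each .app bundle under root to its script executables (hits only)."""
    root = Path(root)
    findings = {}
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            if name.endswith(".app"):
                bundle = Path(dirpath) / name
                hits = script_executables(bundle)
                if hits:
                    findings[bundle.relative_to(root).as_posix()] = hits
                dirnames.remove(name)  # do not descend into the bundle itself
    return findings


def demo():
    """Run the triage over a constructed sample volume (not real malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        script_dir = Path(tmp) / "Install.app" / "Contents" / "MacOS"
        script_dir.mkdir(parents=True)
        (script_dir / "Install").write_bytes(b"#!/bin/sh\necho constructed\n")
        native_dir = Path(tmp) / "Editor.app" / "Contents" / "MacOS"
        native_dir.mkdir(parents=True)
        # 64-bit Mach-O magic as stored on disk, followed by padding
        (native_dir / "Editor").write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        return triage_volume(tmp)


if __name__ == "__main__":
    print(demo())
```

Legitimate apps also ship script launchers, so a hit is a prompt to check the bundle's signature and notarization status (for example with `codesign -dv` and `spctl --assess`), not a verdict.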

Owens praised Apple's quick response to patching the flaw.

'Kudos to Apple for rolling out a fix in Big Sur 11.3 beta 6 literally five days after I reported to them,' he wrote.

'The product security team at Apple was very responsive anytime I reached out with an inquiry.


'I highly encourage you to update to Big Sur 11.3 soonest, as the fix has been applied .. so that Gatekeeper now properly blocks this payload on macOS 11.3.'