The discovery of a security loophole challenges Apple’s reputation for making some of the most secure consumer computers.
A cybersecurity researcher has recently found a flaw in one of macOS’s security features. This vulnerability could likely be used to allow malware to infect an Apple computer.
Security researcher Filippo Cavallarin discovered a security hole in Gatekeeper, a macOS security feature. He said that this loophole could be used by hackers to sneak malware into Apple computers.
He detailed his findings on his website – wearesegment.com.
It is difficult for hackers to invade the system by sending a program to run on an Apple device, Cavallarin explained. Even so, these computer experts can find ways to work around the system.
The key to the security breach is how macOS handles files on network shares and treats them as safe. Even though it is difficult, Gatekeeper can still be tricked into opening a zip file containing malicious code. Since modern-day hackers have the skill to run any program, they can, in theory, breach any computer’s security.
Cavallarin said he had already told Apple about the issue. He also gave the tech giant 90 days to address the vulnerability. If the company failed to come up with a patch, he would go public with his discovery.
But it seems Apple did not treat his warning seriously. He said the latest macOS 10.14.5 still has the same vulnerability. This inaction prompted him to publish his discovery online.
Dangers of Malware
Malware has become one of the world’s biggest security threats for computers. It can be highly infectious and destructive, with serious repercussions. Previous attacks using such software were able to shut down businesses and city governments for days.
White-hat or ethical hackers have been able to protect systems against malware. They do this by reporting vulnerabilities, fixing bugs and performing other tasks for the common good. However, black-hat hackers are also getting more creative and more daring in their methodologies.
One classic example of a malware-powered cyberattack was the one against Bayer, a multinational pharmaceutical company. Google’s Chronicle discovered a Linux version of the malware named Winnti during its investigation. Analysts said Winnti was also the malware strain used in a 2015 attack against a Vietnamese gaming company.
Moreover, underground malware development seems to persist despite intense crackdowns by governments and private entities. Recently, the US government indicted more than ten individuals connected with multiple malware attacks that have affected different companies.