Sign Me Up For
The Free Assessment


Security researcher Filippo Cavallarin spots an unpatched macOS malware vulnerability

Are you a Mac User? If yes, be careful opening up apps on a Mac. Fillipo Cavallarin, a security researcher was able to figure out a way on how malware makers can bypass the MacOS Gatekeeper protections in order for it to run malicious code.

He even published the details of what he discovered about this security hole on his website The way it works is – the feature prompts users to confirm they want to install applications from outside the Mac App Store.

Applications are handled differently with MacOS compared to Microsoft Windows. MacOS handles network shares and and the key is how it treats them as safe. He found a way to trick it into opening a ZIP file archive that is loaded with malicious code which in theory will enable hackers to ruin whatever code they would want on the machine.

Although the the vulnerability got discovered, it would still require the user to open up a zip file and trust the files it contains before it would work. It does seem to be a valid vulnerability to get around the Gatekeeper protection that it has put in place.

As a security researcher, he has reported it to Apple 90 days ago and was told it has been addressed. Ironically, the latest MacOS 10.14.5 still contains this vulnerability.

It is alarming since it was supposed to have been dealt with according to Apple since May 15, 2019 as per Filippo Cavallarin; however his emails to Apple has always been dropped since then. “Since Apple is aware of my 90 days disclosure deadline, I make this information public.”

As of the time of this writing, Apple has not responded to the vulnerability that he has reported. So as end users, we do not have any news yet when this is really going to be patched up.

As a rule of thumb, always treat incoming files as suspicious on may it be on Mircrosoft Windows, MacOS etc., since it might have the ability to run malicious code on your computer.

Written by

No Comments Yet.

Leave a Reply


[contact-form-7 id="5555" title="Mobile Form"]