macOS 11.3 Patches Security Vulnerability That Bypassed Built-In Malware Protections
Apple today confirmed to TechCrunch that the just-released macOS 11.3 software update patches a security vulnerability that reportedly could have allowed a hacker to remotely access a user's sensitive data by tricking a user into opening a spoofed document.
"All the user would need to do is double click — and no macOS prompts or warnings are generated," said security researcher Cedric Owens, who discovered the vulnerability in mid-March, according to the report. Owens developed a proof-of-concept app masquerading as a harmless document that exploits the bug to launch the Calculator app, but he said the vulnerability could be exploited for more nefarious purposes.
According to security researcher Patrick Wardle, the vulnerability was the result of a logic bug in macOS's underlying code.
"In simple terms, macOS apps aren't a single file but a bundle of different files that the app needs to work, including a property list file that tells the application where the files it depends on are located," explains TechCrunch. "But Owens found that taking out this property file and building the bundle with a particular structure could trick macOS into opening the bundle — and running the code inside — without triggering any warnings."
In addition to fixing the bug in macOS 11.3, Apple told TechCrunch it patched earlier macOS versions to prevent abuse, and updated macOS's built-in anti-malware system XProtect to block malware from exploiting the vulnerability. The report says the bug was exploited for months, but it's unclear how many users were impacted.
Popular Stories
Barclays analyst Tom O'Malley and his colleagues recently traveled to Asia to meet with various electronics manufacturers and suppliers. In a research note this week, outlining key takeaways from the trip, the analysts said they have "confirmed" that a fourth-generation iPhone SE with an Apple-designed 5G modem is slated to launch towards the end of the first quarter next year. In line with previo...
AT&T has begun displaying "Turbo" in the iPhone carrier label for customers subscribed to its premium network prioritization service, according to reports on Reddit. The new indicator seems to have started appearing after users updated to iOS 18.1.1, but that could be just coincidence.
Image credit: Reddit user No_Highlight7476
The Turbo feature provides enhanced network performance through ...
We're officially just one week away from Black Friday, which will take place on Friday, November 29 in 2024. As always, this week is the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small...
Anker today kicked off its big Black Friday sale, which is set to run through December 9. This sale includes notable discounts on portable chargers, USB-C hubs, cables, and more.
Note: MacRumors is an affiliate partner with Anker. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
There are a few bonus offers during this event as ...
Apple's annual four-day Black Friday through Cyber Monday shopping event is returning on Friday, November 29 through Monday, December 2 in many countries, including the U.S., Canada, Australia, France, Germany, Italy, Spain, the U.K., and others. During the event, customers can get an Apple gift card with the purchase of an eligible product.
In the U.S., for instance, Apple is including gift ...
Apple has partnered with select merchants to offer Apple Card users three percent Daily Cash back on their purchases, and two new companies were added to the partner list today. When purchasing goods and services from Booking.com and ChargePoint, Apple Card users will now get more cash back.
Booking.com is a site for reserving flights, cars, cruises, and hotels, while ChargePoint sells...
Amazon today has knocked the price off of multiple M3 MacBook Air models, with as much as $300 off select computers. Prices start at $849.00 for the 13-inch M3 MacBook Air (16GB RAM/256GB), and also include multiple 15-inch models as well.
Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site ...
Apple today released iOS 18.1.1 and iPadOS 18.1.1, minor updates to the iOS 18 and iPadOS 18 operating systems that debuted earlier in September. iOS 18.1.1 and iPadOS 18.1.1 come three weeks after the launch of iOS 18.1.
The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Apple has also released iOS 17.7.2 for...
