  • All Your Macs Are Belong To Us

      • #2363371
        AskWoody Plus

        bypassing macOS’s file quarantine, gatekeeper, and notarization requirements

        …But first, go update your macOS systems to 11.3, as it contains a patch for a massive bug that affects all recent versions of macOS… a bug that is the topic of this blog post.

        This bug trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk… and, especially worrisome, turns out malware authors are already exploiting it in the wild as an 0day.

        Apple patched the bug as CVE-2021-30657, noting “a malicious application may bypass Gatekeeper checks”
        The security researcher Cedric Owens uncovered the flaw and initially reported the bug to Cupertino. Epic find Cedric! 🤩

        Cedric notes the bug manifested while building red team payloads via the appify developer tool. He’s posted a must read, that provides step by step details on how this bug may be practically leveraged to surreptitiously deliver payloads in red team exercises:

        “macOS Gatekeeper Bypass (2021) Addition”.
        However, as the underlying cause of the bug remained unknown, our blog post focuses on uncovering the reason …ultimately discovering a flaw that lay deep within macOS’s policy subsystem(s)…

      • #2363374
        AskWoody MVP

        Didn’t you post about this nine days ago?

        Your link there includes this link here.

        Windows 10 Pro version 21H1 build 19043.1052 + Microsoft 365 (group ASAP)

        • #2363376
          AskWoody Plus

          Didn’t remember 🙁

          This article has a detailed drill down of the bug.

      • #2363379
        AskWoody Plus

        In that previous comment, Alex b has referred to:

        Apple told TechCrunch it fixed the bug in macOS 11.3. Apple also patched earlier macOS versions to prevent abuse, and pushed out updated rules to XProtect, macOS’ in-built anti-malware engine, to block malware from exploiting the vulnerability…

        I am on Mojave (10.14.6) and got an update about a week ago that I installed a few days later. Also, I don’t use Safari, that is mentioned as vulnerable in the article. My plan, so far, has been to skip Catalina (11.3) and to move directly from Mojave, in August, to BigSur. So I am rather confident that I can stay reasonably safe — as, at best, is always the case — following this plan.

        Anything definitely wrong with any of that? Please, let me know, if you are sure the answer is “yes”, and also why.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

        • #2363389
          AskWoody Plus

          A quick follow-on to my previous comment: I just had a look for what might be “waiting to install” in the Mac, and found and installed the latest patch for Safari, the Mac’s browser from Apple, even if I don’t use it. Because who knows how software relates and gets along and helps each other inside there?

          Then I wished myself good luck and left myself alone.

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

        • #2363443

          I have upgraded from Catalina to Big Sur on my 13-inch MacBook Pro 2020 about a week ago. Big Sur is usable and I have not experienced any serious, show-stopping bugs. YMMV of course, but Big Sur has been generally okay for me and has matured enough for me to allow it onto my primary machine. You should definitely be good to go in August to make the upgrade.

          Safari updates are very painless to install, thankfully. I usually install them as soon as they are available, since they don’t require a restart, and a buggy browser update is far less destructive than a botched OS update that takes hours to fix.
