Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple

    Home Forums AskWoody support Other platforms – for Windows wonks macOS for Windows wonks MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple

    This topic contains 0 replies, has 1 voice, and was last updated by  Kirsty 4 days, 18 hours ago.

    • Author
      Posts
    • #197557 Reply

      Kirsty
      AskWoody MVP

      MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple
      A security bypass weakness in macOS APIs let attackers impersonate Apple to sign malicious code and evade third-party security tools.

      By Kelly Sheridan | June 12, 2018

       
      When is Apple-signed code not actually signed by Apple? When a hacker can manipulate the code-signing process to impersonate Apple and sign off on malicious code, bypassing common third-party security tools and tricking users into thinking illegitimate software is verified.

      Such a bypass attack has been possible for years on macOS and older versions of OS X, thanks to a flaw in Apple code-signing APIs, explains Josh Pitts, staff engineer for research and exploitation at Okta.

      Affected Vendors and Available Patches:
      Security tools built into macOS are not exposed, and affected vendors and open-source projects have been alerted to the bypass, Okta reports. Developers are responsible for properly using the code-signing API, and POCs are released to help test their code.

      Here are the affected vendors:
      VirusTotal (CVE-2018-10408)
      Google – Santa, molcodesignchecker (CVE-2018-10405)
      Facebook – OSQuery (CVE-2018-6336)
      Objective Development – LittleSnitch (CVE-2018-10470)
      F-Secure – xFence, also LittleFocker (CVE-2018-10403)
      Objective-See – WhatsYourSign, ProcInfo, KnockKnock, LuLu, TaskExplorer, others (CVE-2018-10404)
      Yelp – OSXCollector (CVE-2018-10406)
      Carbon Black – Cb Response (CVE-2018-10407)

      Mac users should apply all necessary fixes to protect against malicious software that tries to manipulate the code-signing process. “If enterprises are using illicit software, they need to update,” Pitts emphasizes.

       
      Read the full article here

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.