  • MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple


    This topic contains 0 replies, has 1 voice, and was last updated by Kirsty 1 year, 1 month ago.


      Kirsty
      Da Boss

      MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple
      A security bypass weakness in macOS APIs let attackers impersonate Apple to sign malicious code and evade third-party security tools.

      By Kelly Sheridan | June 12, 2018

       
      When is Apple-signed code not actually signed by Apple? When a hacker can manipulate the code-signing process to impersonate Apple and sign off on malicious code, bypassing common third-party security tools and tricking users into thinking illegitimate software is verified.

      Such a bypass attack has been possible for years on macOS and older versions of OS X, thanks to a flaw in Apple code-signing APIs, explains Josh Pitts, staff engineer for research and exploitation at Okta.

      Affected Vendors and Available Patches:
      Security tools built into macOS are not exposed, and affected vendors and open-source projects have been alerted to the bypass, Okta reports. Developers are responsible for properly using the code-signing API, and POCs are released to help test their code.

      Here are the affected vendors:
      VirusTotal (CVE-2018-10408)
      Google – Santa, molcodesignchecker (CVE-2018-10405)
      Facebook – OSQuery (CVE-2018-6336)
      Objective Development – LittleSnitch (CVE-2018-10470)
      F-Secure – xFence, also LittleFlocker (CVE-2018-10403)
      Objective-See – WhatsYourSign, ProcInfo, KnockKnock, LuLu, TaskExplorer, others (CVE-2018-10404)
      Yelp – OSXCollector (CVE-2018-10406)
      Carbon Black – Cb Response (CVE-2018-10407)

      Mac users should apply all necessary fixes to protect against malicious software that tries to manipulate the code-signing process. “If enterprises are using illicit software, they need to update,” Pitts emphasizes.

       
      Read the full article here
