  • MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple

      • #197557 Reply
        Kirsty
        Da Boss

        MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple
        A security bypass weakness in macOS APIs let attackers impersonate Apple to sign malicious code and evade third-party security tools.

        By Kelly Sheridan | June 12, 2018

         
        When is Apple-signed code not actually signed by Apple? When a hacker can manipulate the code-signing process to impersonate Apple and sign off on malicious code, bypassing common third-party security tools and tricking users into thinking illegitimate software is verified.

        Such a bypass attack has been possible for years on macOS and older versions of OS X, thanks to a flaw in Apple code-signing APIs, explains Josh Pitts, staff engineer for research and exploitation at Okta.

        Affected Vendors and Available Patches:
        Security tools built into macOS are not exposed, and affected vendors and open-source projects have been alerted to the bypass, Okta reports. Developers are responsible for properly using the code-signing API, and POCs are released to help test their code.

        Here are the affected vendors:
        VirusTotal (CVE-2018-10408)
        Google – Santa, molcodesignchecker (CVE-2018-10405)
        Facebook – OSQuery (CVE-2018-6336)
        Objective Development – LittleSnitch (CVE-2018-10470)
        F-Secure – xFence, also LittleFlocker (CVE-2018-10403)
        Objective-See – WhatsYourSign, ProcInfo, KnockKnock, LuLu, TaskExplorer, others (CVE-2018-10404)
        Yelp – OSXCollector (CVE-2018-10406)
        Carbon Black – Cb Response (CVE-2018-10407)

        Mac users should apply all necessary fixes to protect against malicious software that tries to manipulate the code-signing process. “If enterprises are using illicit software, they need to update,” Pitts emphasizes.

         
        Read the full article here
