Mac security hole reportedly lets attackers bypass app safeguards
Apple may have another Gatekeeper security flaw on its hands. Researcher Filippo Cavallarin has detailed a macOS vulnerability that he said would let attackers install malware without the usual permission request. Because Gatekeeper considers network shares to be ‘safe’ locations that don’t require permission checks, an intruder just has to trick the user into mounting one of those shares to run whatever apps the intruder likes. A maliciously crafted ZIP file with the right symbolic link could automatically steer you to an attacker-owned site, for example, and it would be easy to trick someone into launching a hostile app, such as a virus masquerading as a document folder.
In theory, the issue should have been fixed by now. Cavallarin said he notified Apple of the vulnerability on February 22nd, and that it was supposed to have been resolved as of macOS 10.14.5. He said it wasn’t, though, and that Apple had stopped responding to his emails. He published the flaw after giving Apple 90 days to address the issue.
We’ve asked Apple for comment. The chances of inadvertent exposure aren’t high, since you have to open a ZIP file as well as whatever’s inside the network share, but this could trip up people who aren’t familiar with either remote shares or the risks of unsolicited files. It also underscores the risks of explicitly trusting certain network environments, even if there’s often a good reason for it.