Press "Enter" to skip to content

Mac Security Error Allegedly Allows Intruders Bypass App Safeguards

Apple might have one more Gatekeeper security error on its end. Reviewer Filippo Cavallarin has briefed a macOS error that he claimed might allow bad actors download malware without the normal permission request. As Gatekeeper believes network shares to be secure locations that do not need permission verifications, an attacker just has to trick the consumers into placing one of those shares to operate the applications they like. A spitefully created ZIP file with the correct symbolic link might steer automatically you to an intruder-owned website, for instance, and it might be simple to trick somebody into rolling out a hostile application—for example, a virus camouflaged as a data folder.

Theoretically, the problem must have been solved by now. Cavallarin claimed that he told Apple of the error on February 22, 2019, and that was supposed to have been fixed for macOS 10.14.5. He claimed it was not, although, and that the firm had stopped answering to his emails. He was posting the error after offering Apple 90 Days to deal with the problem.

We have asked Apple for answers. The odds of unintentional exposure are not high when you will have to open a ZIP folder as well as whatever’s within the network share, but this can trip up users who are not well aware with either distant shares or the dangers of unsolicited data. It also highlights the dangers of explicitly trusting specific networks, even if there is often a good purpose for it.

On a related note, only days after rolling out extensions of Windows Defender for Firefox and Chrome, Microsoft is bringing its antivirus tool to more services, beginning with the Mac. Obviously, it no longer makes logic to name it as Windows Defender, so now it is Microsoft Defender. Companies can access a premature preview of Mac’s Defender ATP on devices operating on macOS High Sierra, macOS Mojave, or macOS Sierra.