New macOS Gatekeeper Vulnerability Allows Hacker To Install Malicious Apps

Security researcher Filippo Cavallarin recently discovered a vulnerability in macOS 10.14.5 that bypasses Gatekeeper, the first barrier in the macOS security functionality. The bypass allows insecure software to run directly and thereby obtain shell permissions on the system. Gatekeeper is a key defensive measure in the Mac App Store: when an app is not securely signed, the system won't open it.


However, in this test, Filippo successfully ran unsigned software. All that is needed is to automatically mount a network share in one specific directory, such as /net/evil.com/Documents; a malicious app can then be run from it, giving the attacker shell access to the system.

A user can be led to run the malicious app through a malicious email, which poses some risk to the system. However, getting the shell is a backdoor that requires SSH login to be enabled on the system, so this has little effect on the average user, who does not activate the remote access feature in the Sharing settings.

This vulnerability has been submitted to Apple; we expect the company to fix it sooner rather than later.
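
A defender can check whether a Mac still has the automounter feature behind /net/<host>/<share> paths switched on. The shell function below is an added example, not part of the original article or the researcher's report; it assumes the autofs master map lives at /etc/auto_master and that an active /net entry there is what enables these mounts, and the sample map is constructed.

```shell
#!/bin/sh
# Added example: report whether an autofs master map still enables the
# /net "-hosts" map, which mounts /net/<host>/<export> on first access.

# Print active (uncommented) /net entries of the given map.
# Exit status: 0 = enabled, 1 = not enabled, 2 = map unreadable.
net_automount_entries() {
    map="${1:-/etc/auto_master}"   # assumed default location on macOS
    [ -r "$map" ] || return 2
    awk '
        { sub(/#.*/, "") }                       # strip comments
        $1 == "/net" { print NR ": " $0; found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$map"
}

# Constructed sample input, modelled on a stock macOS master map.
sample_auto_master() {
    printf '%s\n' \
        '# Automounter master map' \
        '+auto_master            # Use directory service' \
        '/net    -hosts          -nobrowse,hidefromfinder,nosuid' \
        '/home   auto_home       -nobrowse,hidefromfinder'
}

tmp=$(mktemp) && sample_auto_master > "$tmp"
if net_automount_entries "$tmp"; then
    echo "/net automount is ENABLED in the sample map"
else
    echo "/net automount is not enabled in the sample map"
fi
rm -f "$tmp"
```

Run `net_automount_entries` with no argument on a real system to inspect its own map; an exit status of 1 means no active /net entry was found.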
