Vulnerability in macOS: the operating system does not check installed applications for signature compliance.
A serious vulnerability in the digital signature verification mechanism can lead to the compromise of applications installed on Apple computers.
Worse, not only many users but also administrators are unaware of the problem, warned Thomas Reed, head of the software development department for Mac and mobile platforms at Malwarebytes.
Since macOS checks the digital signature of files very rarely, applications already installed on the computer can easily be modified.
In fact, when an application is loaded, it is placed in quarantine; the system checks its executable files for known malware, and if none is found, the program receives the status of trusted software.
This is where the problem lies – the OS does not check the installed applications for signature compliance, Reed explained. Thus, attackers can infect almost any application that is already present on the system (if they have access to user libraries).
“The attacker will simply need to replace the official executable file with the malicious version and then rename the original. Most users are not suspicious of programs that have been used for some time and do not cause problems,” the expert noted.
Even a script kiddie is capable of carrying out such an attack. Basic knowledge of shell scripting, the AppleScript scripting language, and Swift is enough for this, and everything else can be “googled,” says Reed.
According to the researcher, the problem is unlikely to be solved in the near future, because macOS is functioning as it should. For this reason, according to Reed, the best solution would be for developers to implement their own mechanisms for checking code for compliance.
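
Because the OS does not re-check installed applications, an administrator can repeat the signature check on a schedule. The script below is an added example, not code from the article or from Reed; it assumes macOS's `codesign` tool, and the `CODESIGN` override variable and the function names are hypothetical.

```shell
#!/bin/sh
# Re-verify the code signature of app bundles that are already installed.
# Assumption: runs on macOS, where the `codesign` tool is available.
# CODESIGN is a hypothetical override so a different tool path can be used.
CODESIGN="${CODESIGN:-codesign}"

# check_app BUNDLE
# Prints "STATUS<TAB>BUNDLE" and returns 0 only when the signature verifies.
check_app() {
    app=$1
    # --deep also checks nested code; --strict enables stricter validation.
    if err=$("$CODESIGN" --verify --deep --strict "$app" 2>&1); then
        printf 'OK\t%s\n' "$app"
        return 0
    fi
    case $err in
        # Bundle was never signed, so there is no seal to compare against.
        *"not signed at all"*) printf 'UNSIGNED\t%s\n' "$app" ;;
        # Signed, but the contents no longer match the seal (for example,
        # the executable was replaced after installation).
        *)                     printf 'INVALID\t%s\n' "$app" ;;
    esac
    return 1
}

# audit_apps DIR...
# Checks every *.app directly inside each DIR; returns non-zero if any fails.
audit_apps() {
    failed=0
    for dir in "$@"; do
        for app in "$dir"/*.app; do
            [ -d "$app" ] || continue      # skip an unmatched glob
            check_app "$app" || failed=$((failed + 1))
        done
    done
    echo "$failed bundle(s) failed verification" >&2
    [ "$failed" -eq 0 ]
}

# Example invocation: sh audit.sh /Applications "$HOME/Applications"
if [ "$#" -gt 0 ]; then
    audit_apps "$@"
fi
```

An `INVALID` result for an application that verified earlier is the signal to investigate; `UNSIGNED` bundles cannot be checked this way and need a separate baseline.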