What is the Issue:
Due to a flaw in Apple’s code-signing API, hackers have been able to manipulate the code-signing process to enter malicious code into MacOS systems. Third-party security tools were unable to detect the issue as the malicious codes were signed off by Apple, making it seem as if it was a trusted source. The malicious code would stay on a user’s system until Apple sent out a patch for it, which could take extended periods of time.
Why is this noteworthy:
It’s reported that hackers have been able to perform this exploit on MacOS systems for years now. If a company has had exposure to this attack, their systems may be at risk of hackers having direct access to all of their system files.
What is the exposure or risk:
Security tools built into MacOS are unaffected, however system files are still at risk.The two most common forms of infiltration have been through phishing attacks or file-sharing. If a hacker is able to breach a companies’ system hackers have access to all of a systems personal and financial information.
What are the recommendations:
SKOUT recommends having MacOS users update software to the most current version, and avoid clicking on any emails containing unfamiliar or suspicious links.
References:
- https://thehackernews.com/2018/06/apple-mac-code-signing.html
- https://www.darkreading.com/vulnerabilities—threats/macos-bypass-flaw-lets-attackers-sign-malicious-code-as-apple/d/d-id/1332031
If you have any questions, please contact our Security Operations Center.
