Filippo Cavallarin is a security researcher at the Italian company Segment. He recently revealed details of a vulnerability present in macOS 10.14.5 Mojave and earlier versions. It allows arbitrary actions to be performed on a PC, for example installing malware, without the user's knowledge, that is, without asking for the user's permission.
The vulnerability allows attackers to bypass Gatekeeper, a mechanism built into macOS. Gatekeeper protects the OS from running questionable applications by checking for the presence of a digital certificate issued by Apple. Cavallarin noted that Gatekeeper regards external drives and network shares as safe locations. Combined with other legitimate macOS features, this allows attackers to launch untrusted applications without the user being notified.
The automount option in the OS, together with support for symbolic links, makes it possible to run arbitrary code, and Gatekeeper does not respond to this. macOS lets the user mount network resources automatically through "autofs". Symbolic links are files that point to folders or files stored in a different place, including a network share. Links contained in archives are not checked. An attacker can take advantage of this by getting the user to click on such a link, which opens the remote content.
The attack technique described by the Italian researcher is fairly simple. In his proof of concept, the researcher added a bash script to the “Calculator” files that runs various executable files, including iTunes. He also modified the “Calculator” icon.
Filippo Cavallarin told Apple about the vulnerability he found back on February 22, but the company has not yet corrected the situation. To spur Apple into action, the security researcher decided to publicize the vulnerability 90 days later.