A Critical Vulnerability Has Been Found in macOS Mojave!
- Gatekeeper “considers” external media and network file shares to be safe and allows applications from those locations to launch without checking their signatures.
Exploiting the vulnerability also relies on two macOS features:
- Autofs and the “/net/*” paths allow users to automatically mount network file shares by accessing a path that starts with “/net/”. For example, listing an NFS share: ls /net/evil-resource.net/shared/.
- Zip archives can contain symbolic links, which lead to automounting when the archive is unpacked on the target system.
Thus, the following attack scenario can be used to bypass Gatekeeper.
The attacker creates a zip archive containing a symbolic link to a resource he controls and sends it to the victim. The victim unpacks the archive, which causes the attacker's resource to be mounted and added to the “trusted” resources. The attacker-controlled resource hosts the *.app application, which, with the standard settings of the Files file manager, is displayed as a local directory or another harmless object. In this case, the .app extension is hidden and the full path to the resource is not displayed.
macOS users should refrain from installing applications or downloading files from questionable sources.
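The scenario above depends on a zip entry that is a symbolic link into an automount path, so an archive can be inspected for such entries before it is unpacked. The following Python script is an added example, not part of the original article; its function names, the "absolute" category and the constructed sample archive (placeholder host nfs.example.invalid) are assumptions made for illustration.

```python
import io
import stat
import zipfile

# Path prefixes served by autofs; "/net/" is the one named in the article.
AUTOMOUNT_PREFIXES = ("/net/",)

def symlink_entries(zf):
    """Yield (name, target) for every symbolic-link entry in an open ZipFile."""
    for info in zf.infolist():
        # Unix mode bits sit in the high 16 bits of external_attr when the
        # entry was written on a Unix-like system (create_system == 3).
        mode = info.external_attr >> 16
        if info.create_system == 3 and stat.S_ISLNK(mode):
            # For a symlink entry, the stored data is the link target.
            yield info.filename, zf.read(info).decode("utf-8", "replace")

def risky_links(zip_bytes):
    """Return (name, target, reason) for links that leave the archive tree."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name, target in symlink_entries(zf):
            if target.startswith(AUTOMOUNT_PREFIXES):
                findings.append((name, target, "automount"))
            elif target.startswith("/"):
                findings.append((name, target, "absolute"))
    return findings

def _add_link(zf, name, target):
    """Write a symlink entry into the constructed sample archive."""
    link = zipfile.ZipInfo(name)
    link.create_system = 3  # Unix
    link.external_attr = (stat.S_IFLNK | 0o777) << 16
    zf.writestr(link, target)

def build_sample():
    """Constructed sample: a file, a relative link, and a link into /net/."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        _add_link(zf, "Documents", "/net/nfs.example.invalid/shared/")
        _add_link(zf, "notes", "readme.txt")  # harmless relative link
    return buf.getvalue()

if __name__ == "__main__":
    for name, target, reason in risky_links(build_sample()):
        print(f"{reason}: {name} -> {target}")
```

The check reads only the archive's central directory and the link targets, so nothing is extracted and no mount is triggered while scanning.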