The Critical Vulnerability Has Been Found In Mac OS Mojave!

Cybercriminals actively exploit a vulnerability in MacOS Mojave, which allows you to bypass Gatekeeper, a technology that enables only trusted software to run.

• The gatekeeper “considers” external media and network file resources to be safe and allows launching without checking the signatures of any applications from the specified resources.

Also, two features of MacOS are used to implement the vulnerability:

1. Autofs and paths “/net/*” allow users to automatically mount network file resources starting with “/net/”. For example, when listing an NFS resource: ls/net/evil-resource.net/shared/.
2. Zip archives can contain symbolic link files that lead to automounting when unpacking the archive on the target system.

Thus, the following attack scenario can be used to bypass the Gatekeeper.

The attacker creates a zip archive with a symbolic link to the resource he controls and sends it to the victim. The victim unpacks the archive, which causes the attacker to mount and add to the “trusted” resource. The monitored resource hosts the *.app application, which, with the standard settings of the Files file manager, is reflected as a local directory or another harmless object. In this case, the .app extension is hidden and the full path to the resource is not displayed.

Example of exploiting vulnerabilities:

MacOS users should refrain from installing applications or downloading files from questionable sources.

Related posts:

The Patch From Meltdown Has Led To A More Critical Vulnerability Of Windows 7×64/2008R2 Critical Vulnerability In Gmail That Allows Intruders To Bypass It Through The FireFox Found a Dangerous Vulnerability in Asterisk that Allows Intercepting VoIP Traffic Critical Mistakes or Why Data Centers fails