Researchers at XM Cyber have discovered a method to attack a Mac without requiring a kernel exploit or bypassing macOS’s System Integrity Protection (SIP). This vulnerability highlights the importance of protecting personal devices from potential threats.
To take advantage of the exploit, an attacker needs to find a way to access the Mac, either by directly accessing it, or through social engineering. The attack itself involves the installation of a legitimately signed app, and when macOS caches the app’s trust fingerprint, the attacker can go in and modify the app bundle with a malicious payload.
The attack does not trigger standard exploit signatures or leave obvious event log artifacts, making it difficult to detect. Enterprise endpoint security tools running on the target Mac were also successfully hacked, including Macs running CrowdStrike Falcon Sensor and Kandji MDM Agent.
CrowdStrike and Kandji have since updated their software to fix the vulnerability, while Apple has not publicly responded to XM Cyber’s findings. This situation underscores the importance of staying vigilant and up-to-date with the latest security patches and software updates.
The easiest way to protect yourself from an attack like this is to avoid downloading software from unfamiliar sources. Be cautious when installing software for someone you don’t know, and never open links in emails or texts from unknown sources.
Apple has vetted software in the Mac App Store, making it the safest way to get apps. If you prefer not to use the Mac App Store, consider buying software directly from the developer and their website. Using cracked software always risks malware exposure.
Apple has protections in place within macOS, and the company releases security patches through OS updates. It’s essential to install these updates when they are available, as they can help prevent vulnerabilities like this one.