Vulnerability allows hijacking of software installed in macOS

It has been revealed a dangerous flaw in macOS that allows hackers to hijack applications installed through unusual routes

A security report made by specialists in digital forensics has revealed the presence of a vulnerability in macOS that apparently remained unknown to most users of the operating system. Exploiting this flaw would allow malicious users to hijack any installed application and access its contents.

This vulnerability is due to incorrect verification by the system. Computers that operate with macOS do not run applications (user-installed software) without code signing. The system blocks executable files that do not have a valid signature. This is done by Apple to control the application environment, so uncertified applications cannot be easily distributed and updates will fail if signature checks are not performed correctly.

For digital forensics experts, it seems that Apple performs checks for all installed applications. During this process, any executable file is flagged, then the code is signed and, if passed, the flag is deleted from the executable file. Deleting this flag will send a warning to the operating system to be labeled as reliable software. Once this process is complete, macOS will no longer verify the applications or run any more security checks.

Hackers can easily abuse this control mechanism; all they need to do is replace the legitimate executable in an application pack with a fake one, specially crafted, the original file can be renamed as another file. The proof of concept of this attack shows that this leads to abusive behavior: the original application will start normally, but at the same time the malicious copy will run in the background.

Previous security incidents that exploit this vulnerability involve broader code modifications, while this approach is easier to use. The potential abuse and exploitation of macOS devices can be carried out even by beginner hackers.

The most troubling thing is that the digital forensics experts from the International Institute of Cyber Security say that there is very little chance that this particular vulnerability will be solved, because it resides in the way this operating system works. At the moment, the short-term solution is for software developers to implement their own signature validation processes.

Just a few days ago, Apple was handling with another flaw that allowed the leaking of personal information from computers working with macOS through its mobile device management service (MDM).