An ex-NSA researcher has detailed a new method for cyber crooks to take control of your Mac laptop or desktop. The attack is only possible because of a series of interconnected bugs within the macOS operating system. In order to initiate the attack – and seize control of your device – hackers only need an infected Microsoft Office document and a simple .ZIP file, the researcher has warned.
Patrick Wardle, who previously worked for the United States National Security Agency (NSA) and is now employed at security firm Jamf, discovered that even fully-updated macOS Catalina systems could be at risk from this vulnerability.
To work, the exploit uses a rigged Microsoft Office document saved in the .slk format. Files in this format trick the Office app on your MacBook or iMac into enabling macros without asking for consent – and, even worse, without showing the user the usual warning pop-up. By using a $ sign in the filename, hackers are able to break free from the Microsoft Office sandbox and use macros to affect other parts of the system.
Compressing the file into the .ZIP format allows cyber crooks to bypass a security restriction in macOS that prevents downloaded items from accessing user files.
By chaining these vulnerabilities together, hackers can run macros behind users’ backs, use those same hidden macros to reach parts of the system outside the sandboxed Microsoft Office app and, finally, touch user files on the system itself – thanks to a quirk of the .ZIP format.
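The article names three visible ingredients of the chain: a legacy .slk Office document, a file name carrying a $ sign, and a .ZIP wrapper. A mail gateway or endpoint tool can flag all three before the document is ever opened. The following scanner is an added example written for this article (it is not Patrick Wardle's code, nor anything from Apple or Microsoft); it inspects a ZIP listing and reports entries that match those two indicators. The rule wording, the `Finding` type and the constructed sample archive are illustrative assumptions; the rules are deliberately coarse and will produce false positives on legitimate SYLK exports or odd file names, so treat hits as a triage signal, not a verdict.

```python
"""Heuristic scanner for ZIP archives carrying the indicators described in
the article: a legacy .slk (SYLK) document and an entry whose name contains
a '$' sign.  Added example for this article; not Wardle's code and not an
Apple or Microsoft tool.  Rule text and sample data are constructed.
"""
from __future__ import annotations

import io
import zipfile
from dataclasses import dataclass, field

# SYLK is the legacy spreadsheet format the article says Office opens
# with macros enabled and without a prompt (assumed extension list).
SUSPICIOUS_EXTENSIONS = {".slk"}


@dataclass
class Finding:
    """One archive entry and the reasons it was flagged (hypothetical type)."""
    entry: str
    reasons: list[str] = field(default_factory=list)


def inspect_zip(data: bytes) -> list[Finding]:
    """Return one Finding per archive entry that matches at least one rule.

    Only the central directory is read; nothing is extracted or opened,
    so the scanner can run safely on untrusted attachments.
    """
    findings: list[Finding] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            base = name.rsplit("/", 1)[-1]        # strip any folder prefix
            reasons: list[str] = []
            if any(base.lower().endswith(ext) for ext in SUSPICIOUS_EXTENSIONS):
                reasons.append("legacy .slk document (macros may run without a prompt)")
            if "$" in base:
                reasons.append("file name contains '$' (named in the sandbox escape)")
            if reasons:
                findings.append(Finding(name, reasons))
    return findings


def summarize(data: bytes) -> dict[str, list[str]]:
    """Map flagged entry names to their reasons, for easy reporting."""
    return {f.entry: f.reasons for f in inspect_zip(data)}


def build_sample_archive() -> bytes:
    """Build a small ZIP in memory as constructed test input (not a real
    sample): one benign file and two entries that trip the rules."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes/readme.txt", "quarterly figures attached\n")
        zf.writestr("budget.slk", "ID;PWXL;N;E\nE\n")   # minimal SYLK header
        zf.writestr("$report.txt", "placeholder\n")     # '$' in the name
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reasons in summarize(build_sample_archive()).items():
        print(f"{entry}: {'; '.join(reasons)}")
```

Because `inspect_zip` reads only the archive's central directory, it never extracts or launches anything, which is the right posture for a gateway handling attachments from unknown senders.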
“In the world of Windows, macro-based Office attacks are well understood (and frankly are rather old news). However, on macOS, though such attacks are growing in popularity and are quite en vogue, they have received far less attention from the research and security community,” researcher Patrick Wardle explained in a blog post about his discovery.
“Triggered by simply opening a malicious (macro-laced) Office document, no alerts, prompts, nor other user interactions were required in order to persistently infect even a fully-patched macOS Catalina system.”
The stellar security and data privacy reputation held by Apple Mac machines could mean users are more likely to underestimate the threat level. After all, macOS is by no means unhackable – as this latest discovery proves – so while these types of attacks are less common than those on Windows, users must not be complacent about security.
As long as you keep your MacBook or iMac in your sights, you should be able to avoid this nightmare scenario. After all, Patrick Wardle has conceded that the latest attack requires users to log out of and back into their device twice before it can succeed. That does not automatically make the attack less likely, as cyber crooks are often content to play the long game, Wardle warns.
Source: Daily Express :: Tech Feed