Skip to main content

Major Apple macOS security flaw detected

Mac users have been warned to up their online protection after a major security flaw was found in Apple's macOS.

Researchers from Okta have uncovered a significant vulnerability in the macOS software platform that could allow hackers or criminals to impersonate Apple and gain access to a machine and the data within.

The flaw, discovered by Josh Pitts, a researcher on Okta's Research and Exploitation (REX) team, was found within Apple's 'code-signing' service, which governs the code that makes up the software on any macOS device.

Code Signing is the standardised process of using public key infrastructure to digitally ‘sign’ compiled code or even scripting languages to make it look like it came from a trusted origin such as Apple. 

Pitts was able to exploit this to create a tweaked program that to third-party security tools appeared to approved by Apple, getting past a core security function of macOS, evading detection by even the most detailed security tools and letting in malicious code until it is found and patched.

"What this does, is break the chain of trust in code signed by Apple and in MacOS security that people often take for granted," Okta said, noting that 91 per cent of enterprises use Mac devices in some way.

Okta says it passed on news of the flaw to Apple back in February, and the two companies have been working together ever since.

Michael Moore
Michael Moore is News and Features Editor working across both ITProPortal and TechRadar Pro. He has worked as a technology journalist for more than five years, including spells at one of the UK's leading national newspapers. He is interested in hearing about all the latest news and developments across the Business IT world, and how companies are using new technology to help push forward their work and make their customer's lives easier.