Major Apple macOS security flaw detected

null

Mac users have been warned to up their online protection after a major security flaw was found in Apple's macOS.

Researchers from Okta have uncovered a significant vulnerability in the macOS software platform that could allow hackers or criminals to impersonate Apple and gain access to a machine and the data within.

The flaw, discovered by Josh Pitts, a researcher on Okta's Research and Exploitation (REX) team, was found within Apple's 'code-signing' service, which governs the code that makes up the software on any macOS device.

Code Signing is the standardised process of using public key infrastructure to digitally ‘sign’ compiled code or even scripting languages to make it look like it came from a trusted origin such as Apple. 

Pitts was able to exploit this to create a tweaked program that to third-party security tools appeared to approved by Apple, getting past a core security function of macOS, evading detection by even the most detailed security tools and letting in malicious code until it is found and patched.

"What this does, is break the chain of trust in code signed by Apple and in MacOS security that people often take for granted," Okta said, noting that 91 per cent of enterprises use Mac devices in some way.

Okta says it passed on news of the flaw to Apple back in February, and the two companies have been working together ever since.