Mac users, download macOS 11.3 now to fix major security flaw

The latest version of Apple's macOS comes with more than just a slew of fancy new features.

Buried inside macOS 11.3, which was released Monday morning, is a patch that fixes a critical vulnerability that was actively being exploited. This means that, yes, hackers or criminals or governments around the world were using this previously unreported bug for their own malicious ends.

That's according to Patrick Wardle, creator of the Mac security website and tool suite Objective-See. In a blog post timed to coincide with the release of macOS 11.3, Wardle explains just how serious the now-patched vulnerability is.

"This bug trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk," he writes.

Worryingly, Wardle and Jamf, a company that makes Apple management software for enterprise customers, were able to detect real malware exploiting this bug in the wild.

We reached out to Apple to both confirm Wardle's report and that macOS 11.3 contains a patch for this specific vulnerability. An Apple spokesperson confirmed that the latest version of macOS does include a fix for the underlying issues.

Discovered and reportedby Cedric Owens, an offensive security researcher, the bug — a logic flaw — reportedly allows a bad actor to bypass Apple's File Quarantine and Notarization requirements. It also, according to Apple, allows malware to skip the display of the Gatekeeper dialogue box but not bypass XProtect, Gatekeeper's malware detection, itself.

Why is this such a big deal?

"When a user downloads and opens an app, a plug-in, or an installer package from outside the App Store, Gatekeeper verifies that the software is from an identified developer, is notarized by Apple to be free of known malicious content, and hasn’t been altered," explains an Apple support page. "Gatekeeper also requests user approval before opening downloaded software for the first time to make sure the user hasn’t been tricked into running executable code they believed to simply be a data file."

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Presumably, then, this bug allows malware to skip that latter part of the Gatekeeper process.

In other words, bad actors are able to use this exploit to render many of the protective measures your computer takes to ensure downloaded files aren't malware useless.

Wardle demonstrates what this looks like in practice with a quick proof-of-concept video. In the video, embedded below, he shows how a downloaded file — which, to the user, looks like a PDF file — launches the calculator app.

Sneaky. Credit: Patrick wardle

And while Mac users don't necessarily need to worry about their calculator apps, they should worry about supposed PDF files being able to launch random applications on their computers without a bunch of alarm bells going off.

A hacker, after all, won't be interested in simple addition and subtraction.

Instead, someone exploiting the vulnerability might be able to launch a hidden program that could be involved any number of worrisome activities — think ransomware, stealing credit card digits, or worse.

Wardle was quick to clarify that exploiting this bug requires a user to first click or download something. Still, that's only a partial assurance.

"The majority of Mac malware infections are a result of users (naively, or mistakenly) running something they should not," explained Wardle over direct message. "And while such infections, yes, do require user interaction, they are still massively successful. In fact the recently discovered Silver Sparrow malware, successfully infected over 30,000 Macs in a matter of weeks, even though such infections did require such user interactions."

Thankfully, macOS 11.3 contains a fix — a fact Wardle says he was able to verify by reverse-engineering the latest operating system. "And good news," writes Wardle on his blog, "once patched macOS users should regain full protection."

SEE ALSO: How to stop your cell provider from sharing (some of) your data

That's good news indeed.

So go ahead and download macOS 11.3, and rest easy knowing that at least this specific Mac security problem has been fixed. Don't, however, throw all caution to the wind — please still think twice before downloading random files from the internet.