The Hole At The End Of The Universe Mac OS
Apple has released macOS 11.3, fixing a serious flaw that allowed an attacker to sneak malicious files past the operating system's Gatekeeper security mechanism.
Gatekeeper is one of the primary macOS defenses against the installation of malware, explained Cedric Owens, the security researcher who found the bug, in a message to The Register.
The vulnerability, he said, lets an attacker rig a malicious file so it won't get blocked by Gatekeeper when a user tries to open it. He considers it to be one of the most dangerous he's encountered on recent versions of macOS.
All it would take to install a malicious payload abusing this bug would be for the user to double-click on malware downloaded to a Mac via an emailed link or website.
'A victim detonating one of these payloads would give the attacker the ability to remotely access sensitive data in directories not protected by TCC [Apple's Transparency, Consent, and Control framework],' said Owens, who elaborated on his findings in a Medium post.
In an email to The Register, security researcher Patrick Wardle, founder of free security project Objective See and director of research at security biz Synack, said, 'This bug, a subtle logic flaw deep within macOS’s policy subsystem, trivially bypasses many core Apple security mechanisms, such as File Quarantine, Gatekeeper, and Notarization requirements, leaving Mac users at grave risk.'
He has written up the issue in full here.
Most Mac malware infections, he said, are the result of users unwittingly running infected software. He pointed at the recently identified Silver Sparrow malware, which managed to infect over 30,000 Macs in a matter of weeks, despite the need for user interaction.
Apple has implemented interrelated mechanisms over the years to reduce the threat of interaction-based malware, such as File Quarantine in 2007 (Mac OS X Leopard), Gatekeeper in 2012 (Mac OS X Lion v10.7.5), and Applications Notarization in 2020 (macOS 10.15).
Thanks to this bug, Wardle explained, 'it is possible to craft a malicious application that though unsigned (and hence unnotarized) is misclassified and thus is allowed to launch with no prompts or alerts. This effectively reverts aspects of macOS security back to pre-2007 levels.'
The logic flaw Wardle mentioned has to do with a code oversight that misclassifies a script-based application (run via the shell, /bin/sh) without an Info.plist configuration file as 'not a bundle,' which means the script can execute without any Gatekeeper alerts or permission prompts. It's been around since the release of macOS Catalina 10.15 in 2019.
Objective See's free BlockBlock security tool has a mode to detect apps that aren't Notarized, like a malicious script attempting to exploit the Gatekeeper bypass. So too apparently does Jamf Protect, an enterprise product.
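A defender-side triage heuristic for the bundle shape described above (a script as the main executable, no Contents/Info.plist), as an added example that is not code from The Register, Objective See or Jamf; the two sample bundles are constructed in a temporary directory and the rules are this example's own:

```python
"""Flag .app directories whose main executable is a script and that ship no
Contents/Info.plist, the combination the article describes. Added example with
constructed sample bundles; not a substitute for spctl or a notarization check."""
import os
import tempfile
from pathlib import Path

def bundle_findings(app_dir):
    """Return the findings for one .app directory."""
    app = Path(app_dir)
    findings = []
    if not (app / "Contents" / "Info.plist").is_file():
        findings.append("missing Contents/Info.plist")
    macos = app / "Contents" / "MacOS"
    if macos.is_dir():
        for exe in macos.iterdir():
            if not exe.is_file():
                continue
            with exe.open("rb") as fh:
                if fh.read(2) == b"#!":          # shebang: a script, not Mach-O
                    findings.append(f"script executable: {exe.name}")
    return findings

def scan_apps(root):
    """Walk root; return {bundle name: findings} for bundles showing both signs."""
    hits = {}
    for dirpath, dirnames, _ in os.walk(root):
        for d in list(dirnames):
            if d.endswith(".app"):
                f = bundle_findings(Path(dirpath) / d)
                if "missing Contents/Info.plist" in f and len(f) > 1:
                    hits[d] = f
                dirnames.remove(d)               # do not descend into bundles
    return hits

def run_demo():
    """Build one ordinary bundle and one with the suspicious shape, then scan."""
    root = Path(tempfile.mkdtemp())
    good = root / "Good.app" / "Contents"
    (good / "MacOS").mkdir(parents=True)
    (good / "Info.plist").write_text('<plist version="1.0"><dict/></plist>')
    (good / "MacOS" / "Good").write_bytes(b"\xcf\xfa\xed\xfe")  # Mach-O magic only
    sus = root / "Sus.app" / "Contents" / "MacOS"
    sus.mkdir(parents=True)
    (sus / "Sus").write_text("#!/bin/sh\necho constructed sample\n")
    return scan_apps(root)

if __name__ == "__main__":
    for name, why in run_demo().items():
        print(name, "->", "; ".join(why))
```

On a real Mac the same walk over /Applications and ~/Downloads gives a quick list of bundles worth a closer look with spctl and codesign.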
Wardle said he and former colleagues at security firm Jamf found Mac malware that exploits this bug in the wild earlier this month.
According to Jaron Bradley, macOS detections expert at Jamf, the malware detected using this technique is an updated version of Shlayer, a family of malware discovered in 2018 that's one of the most commonly seen forms of Mac malware.
'One of our detections alerted us to this new variant, and upon closer inspection we discovered its use of this bypass to allow it to be installed without an end user prompt,' Bradley explained in a message to The Register. 'Further analysis leads us to believe that the developers of the malware discovered the zero day and adjusted their malware to use it, in early 2021.'
Shlayer's goal is to install adware on the victim's computer, so the malware authors can profit from ad revenue, said Bradley, noting that the earliest sample using the Gatekeeper bypass technique was spotted on January 9, 2021.
Owens said he reported the bug to Apple on March 25. Apple fixed the issue five days later in a macOS Big Sur 11.3 beta release, said Wardle, based on scouring for changed strings in the beta code. The official release of macOS Big Sur 11.3 should help close this particular hole once macOS users apply the update.
App Sandbox is an access control technology provided in macOS, enforced at the kernel level. It is designed to contain damage to the system and the user’s data if an app becomes compromised. Apps distributed through the Mac App Store must adopt App Sandbox. Apps signed and distributed outside of the Mac App Store with Developer ID can (and in most cases should) use App Sandbox as well.
At a Glance
Complex systems will always have vulnerabilities, and software complexity only increases over time. No matter how carefully you adopt secure coding practices and guard against bugs, attackers only need to get through your defenses once to succeed. While App Sandbox doesn’t prevent attacks against your app, it does minimize the harm a successful one can cause.
A non-sandboxed app has the full rights of the user who is running that app, and can access any resources that the user can access. If that app or any framework it is linked against contains security holes, an attacker can potentially exploit those holes to take control of that app, and in doing so, the attacker gains the ability to do anything that the user can do.
Designed to mitigate this problem, the App Sandbox strategy is twofold:
App Sandbox enables you to describe how your app interacts with the system. The system then grants your app the access it needs to get its job done, and no more.
App Sandbox allows the user to transparently grant your app additional access by way of Open and Save dialogs, drag and drop, and other familiar user interactions.
App Sandbox is not a silver bullet. Apps can still be compromised, and a compromised app can still do damage. But the scope of potential damage is severely limited when an app is restricted to the minimum set of privileges it needs to get its job done.
App Sandbox is Based on a Few Straightforward Principles
By limiting access to sensitive resources on a per-app basis, App Sandbox provides a last line of defense against the theft, corruption, or deletion of user data, or the hijacking of system hardware, if an attacker successfully exploits security holes in your app. For example, a sandboxed app must explicitly state its intent to use any of the following resources using entitlements:
Hardware (Camera, Microphone, USB, Printer)
Network Connections (Inbound or Outbound)
App Data (Calendar, Location, Contacts)
User Files (Downloads, Pictures, Music, Movies, User Selected Files)
Access to any resource not explicitly requested in the project definition is rejected by the system at run time. If you are writing a sketch app, for example, and you know your app will never need access to the microphone, you simply don’t ask for access, and the system knows to reject any attempt your (perhaps compromised) app makes to use it.
On the other hand, a sandboxed app has access to the specific resources you request, allows users to expand the sandbox by performing typical actions in the usual way (such as drag and drop), and can automatically perform many additional actions deemed safe, including:
Invoking Services from the Services menu
Reading most world readable system files
Opening files chosen by the user
The elements of App Sandbox are entitlements, container directories, user-determined permissions, privilege separation, and kernel enforcement. Working together, these prevent an app from accessing more of the system than is necessary to get its job done.
Relevant chapters: App Sandbox Quick Start, App Sandbox in Depth
Design Your Apps with App Sandbox in Mind
After you understand the basics, look at your app in light of this security technology. First, determine if your app is suitable for sandboxing. (Most apps are.) Then resolve any API incompatibilities and determine which entitlements you need. Finally, consider applying privilege separation to maximize the defensive value of App Sandbox.
Xcode Helps You Migrate an Existing App to App Sandbox
Some file system locations that your app uses are different when you adopt App Sandbox. In particular, you gain a container directory to be used for app support files, databases, caches, and other files apart from user documents. Xcode and macOS support migration of files from their legacy locations to your container.
Relevant chapter: Migrating an App to a Sandbox
Preflight Your App Before Distribution
After you have adopted App Sandbox in your app, as a last step each time you distribute it, double check that you are following best practices.
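A preflight check that ties the entitlement list above (hardware, network, app data, user files) to the "double check before distribution" step, as an added example that is not Apple's tooling: it parses an entitlements plist with the standard library and flags any resource entitlement broader than what the app declares it needs. The sample plist (the sketch app from the text, with a microphone entitlement someone left on) and the mapping of entitlement keys to resource classes are constructed for this example.

```python
"""Preflight an App Sandbox entitlements file against the app's declared needs.
Added example; the plist and the needs set are constructed. The entitlement
keys are real App Sandbox keys, grouped here into the guide's resource classes."""
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"
RESOURCE_KEYS = {
    "com.apple.security.device.camera": "hardware",
    "com.apple.security.device.microphone": "hardware",
    "com.apple.security.device.usb": "hardware",
    "com.apple.security.print": "hardware",
    "com.apple.security.network.client": "network",
    "com.apple.security.network.server": "network",
    "com.apple.security.personal-information.calendars": "app-data",
    "com.apple.security.personal-information.location": "app-data",
    "com.apple.security.personal-information.addressbook": "app-data",
    "com.apple.security.files.downloads.read-write": "user-files",
    "com.apple.security.files.user-selected.read-write": "user-files",
}

# Constructed: a sketch app that only needs user-selected files, but the
# microphone entitlement was also switched on.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.device.microphone</key><true/>
</dict></plist>"""
SKETCH_APP_NEEDS = {"com.apple.security.files.user-selected.read-write"}

def preflight(plist_bytes, needed):
    """Return (sandboxed, granted, excess): granted lists resource entitlements
    set to true; excess lists those the app never declared it needs."""
    ents = plistlib.loads(plist_bytes)
    sandboxed = ents.get(SANDBOX_KEY) is True
    granted = sorted(k for k in RESOURCE_KEYS if ents.get(k) is True)
    excess = [k for k in granted if k not in needed]
    return sandboxed, granted, excess

def report(plist_bytes, needed):
    """One line per finding, suitable for a release checklist."""
    sandboxed, granted, excess = preflight(plist_bytes, needed)
    lines = ["sandbox enabled" if sandboxed else "FAIL: app-sandbox is not true"]
    for k in granted:
        lines.append(f"{'EXCESS' if k in excess else 'ok':6} {RESOURCE_KEYS[k]:10} {k}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_PLIST, SKETCH_APP_NEEDS)))
```

Anything reported as EXCESS is access the system would grant to a compromised app for no benefit to the user; remove it or add it to the declared needs with a reason.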
How to Use This Document
To get up and running with App Sandbox, perform the tutorial in App Sandbox Quick Start. Before sandboxing an app you intend to distribute, be sure you understand App Sandbox in Depth. When you’re ready to start sandboxing a new app, or to convert an existing app to adopt App Sandbox, read Designing for App Sandbox. If you’re providing a new, sandboxed version of your app to users already running a version that is not sandboxed, read Migrating an App to a Sandbox. Finally, before distributing your app, work through the App Sandbox Checklist to verify that you are following best practices for App Sandbox.
Prerequisites
Before you read this document, make sure you understand the overall macOS development process by reading Mac App Programming Guide.
See Also
To complement the damage containment provided by App Sandbox, you must provide a first line of defense by adopting secure coding practices throughout your app. To learn how, read Security Overview and Secure Coding Guide.
An important step in adopting App Sandbox is requesting entitlements for your app. For details on all the available entitlements, see Entitlement Key Reference.
You can enhance the benefits of App Sandbox in a full-featured app by implementing privilege separation. You do this using XPC, a macOS implementation of interprocess communication. To learn the details of using XPC, read Daemons and Services Programming Guide.
Copyright © 2016 Apple Inc. All Rights Reserved. Updated: 2016-09-13