Apple on Monday released macOS 11.3 and, if you have not yet done so, you should update your Mac to macOS 11.3 immediately to protect against “worst hack in years.” Patrick Wardle, a former NSA analyst and a macOS security expert, has described it as one of the worst security issues to have ever hit the Apple operating system.
Malicious hackers can and have created malware that, though unsigned, is misclassified by Apple’s operating system, thanks to a logic error in macOS’ code. That means malware can skip all the checks done by Apple’s security mechanisms like Gatekeeper and File Quarantine, which are designed to stop any unapproved, dangerous apps from running.
There’s one caveat: The hackers have to convince a user to download or run an app that’s not in the App Store or allowed by Apple. But once that’s done, the malware won’t be stopped installing by the Mac’s defensive tools, though macOS should stop any changes to critical system files and ask the user if the app can access photos, the mic or other systems. For anyone still running an unpatched macOS, Wardle’s advice was simple: “Don’t open anything from anybody.”
It affects all recent versions of macOS but Apple has released a patch that prevents the attacks. Version Big Sur 11.3 is available now and contains other fixes besides addressing this bug.
An Apple spokesperson said the company has now addressed the issue in macOS 11.3 and updated XProtect, its malware detection, to block the malware using this technique. That XProtect update will happen automatically and retroactively apply to older versions of macOS.
MacDailyNews Take: Again, if you haven’t already, update now. Choose System Preferences from the Apple menu , then click Software Update to check for updates, and click the Update Now button.
Why word it as vague as “It affects all recent versions of macOS”? Why not list the actual versions affected? What is defined as “recent”? Is it just versions of macOS 11 Big Sur? Since the update is only in 11.3, it seems to imply this.
So OS X 10.15 and 10.14 are affected or not? Sloppy reporting.
Such specifics are kind of important when you’re dealing with the “worst hack in years?”
I’m still on Mojave because of Adobe Creative Suite. I BOUGHT that software and refuse to pay Adobe’s annual extortion charge. Nothing in OS updates is worth making the switch
Probably best you disconnect from the Internet ASAP and use a different computer to go online if you value your data and online life. Your version of MacOS is probably as vulnerable as heck, so be careful. Please don’t be the next John Dingler, LA hack victim. All of his data was wiped and he lost original digital artworks including NFTs worth some coin because he felt he was invulnerable, but he was left in an invulner-rabble.
Please don’t be like John Hal. Hal, you can do this! You can open the pod bag doors to an update! Your mind isn’t going, but your data might.
Security updates for Mojave and Catalina out now that patch the same security issues. You OUGHT to update your Mojave so you can Mojave some peace. Also you didn’t “buy” the Abode software, you acquired a license.
Don’t be like Dingler though. He got HACKED. Bad. He explains it in a different thread, he’s had to use a PC for the first time in years and he said his Dingler was tingling and his chocolate starfish was pulsing open and shut, he definitely WASN’t and ISN’T Happy. He isn’t any of the other six dwarves either.
Dingler is also secretly addicted to brake fluid, but he assures us it’s ok – he says he can stop and any time.
Don’t do drugs kids – they’re brutal. Just check out any of Dingler’s recent artworks for proof.
No, I bought the Abobe software its mine and I don’t have to renew a license or do anything but use it gloriously, for as long as I choose, and nothing can be done about it…
Agreed. I OWN an older version of the Creative Suite and no way Jose, I’m paying the monthly Adobe Tax. The older computer I use, does not connect to the internet. That is accomplished on a newer Mac…
Once again the fire alarm is pulled to put out a match. What are the chances of anyone downloading an app that would deploy this malware… How many people do you know that say, get this app, greatest thing ever, just so they can infect you… Slim, nil, nada….
Dingler got hacked, if it can happen to him, it can happen to anyone!
What’s this Dingler got hacked?
Dingler said in a different thread that his Mac got hacked because he thought he was invulnerable.
There’s a famous parable around LA that we all know well:
What’s the difference between God and John Dingler?
God doesn’t walk around thinking he’s John Dingler.
With all the extra steps you have in iOS for what should be a simple task, I’m convinced that Apple has hired a whole bunch of ex-MS Windows workers. Now this, just confirms that OS X is being worked on by MS Vista workers.
I find it way too coincidental that the day a new macOS is released that a report about the worst hack ever appears and pleads with us to update. Just marketing scare tactics to me
Toxic Hellstew?
Yes, applecynic IS a toxic hellstew.