Why enterprises should install the most recent macOS software patch
Enterprises should install Apple’s recent macOS Big Sur 11.3 update to protect their Macs. I spoke with Jamf Mac security specialist Jaron Bradley, who described why.
Install macOS 11.3 immediately
Enterprise users running fleets of Macs should get their IT support teams to approve installing Apple’s macOS Big Sur 11.3 update as swiftly as possible; the update should protect Macs against a significant software vulnerability that puts data at increased risk.
As first spotted by Cedric Owens (and subsequently heavily researched by Jamf), the malware, a new variant of the known Shlayer malware family, spreads in the following ways:
- Through compromised websites.
- Via poisoned search engine results, where criminals create webpages with content tailored to surface in results for common queries.
- Through fake app updaters or installers.
When exploited, the vulnerability allows unapproved software to run on Macs and enables attackers to gain access to personal data. What makes this threat much more serious is that none of the Mac’s defensive tools, including Gatekeeper, Notarization, or File Quarantine, can prevent it unless the Mac is updated to macOS 11.3.
Enterprise users should be aware that the security team at Jamf found hackers have been exploiting the vulnerability since Jan. 9. Jamf has published an in-depth explanation of the malware and how it operates. Owens has an explanation of how he was able to weaponize the flaw, which is available here.
Within five days of being told about the problem, Apple moved to rectify it with macOS 11.3. With this update, users attempting to install the malware will be told it “cannot be opened as the developer can’t be identified.” They’ll also be urged to delete the installer.
The fact that the malware can push past existing Mac security should be regarded as a warning to enterprise users to keep their Macs updated.
Q&A with Jamf
I spoke with Jaron Bradley, manager for macOS detections at Jamf, for more information about this latest threat. Bradley’s not-surprising advice for enterprises: install macOS 11.3 “as soon as possible.”
What's the most interesting thing about this malware?
“Probably the most interesting thing concerning this malware is that the writer has taken a vintage version of it [Shlayer] and modified it slightly to abuse a bug [that] allowed it to bypass security features on macOS,” Bradley said.
How broad is this threat?
“The initial Shlayer sample that we’ve discovered by using this technique was reported on January 9th, 2021. The real number of users influenced by this specific variant isn’t currently known, but a Kaspersky report stated that in 2019 1 in 10 users was infected by Shlayer. Those true numbers are old at this time, but Shlayer is still perhaps one of the most prevalent and active malware families for macOS.”
What is the normal victim profile?
“Unknown users may come across it at legitimate websites which have been hijacked, which might redirect them to a fresh site hosting the malware ultimately. Additionally it is commonly spread on pirating sites posing as free cracked sites or software that play pirated videos. Users tend to be prompted by the web site to install it to view the expected video.”
How can you tell if you or an employee are affected?
“For companies seeking to protect their workers, we at Jamf would encourage running third-party security software capable of detecting these kinds of attacks. For technical users who wish to know if the vulnerability that Shlayer abuses has been applied to their Mac, Patrick Wardle at Objective-See released a free of charge tool that may perform this type of check.”
How did this attack come about?
“Apple makes many updates to their complex security features frequently. At some point, one of these brilliant complex updates created an unintentional bug that allowed attackers to bypass many security features on the operating system.”
How can you mitigate the threat?
“The vulnerabilities that the malware abuses could be mitigated by upgrading to macOS 11.3. Apple has also updated their built-in anti-virus engine, which now catches additional variants of Shlayer malware when identified.”
And what’s your best-practice advice for future security awareness?
“Jamf recommends a patch-fast-and-patch-often kind of policy. When updates that fix large bugs come out, it’s far better to install them at the earliest opportunity.”