People are currently reading this guide.
 |
| Image Credits: The Hacker News |
Filippo Cavallarin details the security weaknesses on its website and explains how it works with Gatekeepers, a feature that encourages users to confirm that they want to install applications outside the Mac App Store.
The solution lies in how macOS handles network sharing and treats them as a secure system: the system may have to open files from zip files that contain malicious code. In theory, potential hackers can execute the code of their choice.
Although vulnerabilities still require someone to open zip files and trust the files they contain to function, this seems to be an effective way to avoid the protection of the Gatekeeper.
90 days delay
Cavallarin said he talked about a problem with Apple 90 days ago and was convinced that the problem was resolved. However, it seems that the latest MacOS 10.14.5 is still vulnerable.
"This problem must be resolved, according to the supplier, on May 15, 2019, but Apple started sending me emails," Cavallarin said. "Because Apple knows the deadline for publishing my 90 days, I will make this information public."
So far, Apple hasn't responded to Cavallarin's report, so we don't know when the vulnerability will be fixed (or whether it will function exactly as Cavallarin said in the report).
This is a reminder to handle all incoming files with suspicion, regardless of the operating system you are using, especially if they have the ability to run code on your computer.