The latest update to Apple's macOS operating system arrived today -
Big South 11.3 - and security experts urge all users to install the update because it contains a critical fix. The update fixes a flaw discovered by security researcher Cedric Owens, which "allows an attacker to very easily create a macOS payload that is not verified by Gatekeeper," according to Owens. "This payload can be used for phishing and all the victim has to do is double-click to open the .dmg file and double-click the fake app inside the .dmg - no pop-ups or macOS warnings are generated ". Another security researcher, Patrick Wardle, discovered that the flaw was already exploited by malware droppers, with his blog post detailing the mechanics of the exploit.
Open door
Typically, when a suspicious file has the potential to harm a user's system (usually an executable file or a disguised program), macOS will use its Gatekeeper feature to warn users of the type of file they are installing, regardless the way you can. otherwise it will be presented. The flaw discovered by Owens allows hackers to trivially bypass Gatekeeper, along with a number of other basic security measures, so that the user does not receive any warning between double-clicking the downloaded file and running it on their system. Starting with Big Sur 11.3, malicious files matching the above description will now display an error message stating that the file "cannot be opened because the developer cannot be identified." In addition to this critical fix, the latest macOS update adds a variety of support features for Apple's latest AirTag tracking products, as well as improved integration of iPhone and iPad apps into Mac M1 products. For most users, macOS should automatically update to the latest version, or a prompt should allow you to do so. If not, go to System Preferences to find the software update and manually install it from there.