fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Apple Fixes MacOS Zero-day Bug Exploited By Shlayer Malware

Apple Fixes MacOS Zero-day Bug Exploited By Shlayer Malware

Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

Shlayer’s creators have managed to get their malicious payloads through Apple’s automated notarizing process before

If they pass this automated security check, macOS apps are allowed by Gatekeeper—a macOS security feature that verifies if downloaded apps have been checked for known malicious content—to run on the system.

In the past, Shlayer also used a two-year-old technique to escalate privileges and disable macOS’ Gatekeeper to run unsigned second-stage payloads in a campaign detected by Carbon Black’s Threat Analysis Unit.

Zero-day exploited in the wild to deploy malware

The Jamf Protect detection team discovered that starting January 2021, the Shlayer threat actors created unsigned and unnotarized Shlayer samples have begun exploiting a zero-day vulnerability (tracked as CVE-2021-30657), discovered and reported to Apple by security engineer Cedric Owens.

As revealed by security researcher Patrick Wardle, this now fixed bug takes advantage of a logic flaw in the way Gatekeeper checked if app bundles were notarized to run on fully-patched macOS systems.

Wardle added that “this flaw can result in the misclassification of certain applications, and thus would cause the policy engine to skip essential security logic such as alerting the user and blocking the untrusted application.”

Unlike previous variants that required victims to right-click and then open the installer script, recent malware variants abusing this zero-day and distributed using poisoned search engine results and compromised websites can be launched by double-clicking.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

Today, Apple has released a security update to fix the vulnerability in macOS Big Sur 11.3 and block malware campaigns actively abusing it.

Users are now alerted that malicious apps “cannot be opened because the developer cannot be identified” and advised to eject the mounted disk image because it may contain malware.

Shlayer malware alert (Jamf)

The Shlayer macOS malware

Shlayer is a multi-stage trojan that attacked over 10% of all Macs, according to a Kaspersky report from January 2020.

Intego’s research team spotted Shlayer for the first time in a malware campaign in February 2018, camouflaged as a fake Adobe Flash Player installer just as many other malware families targeting macOS users.

Unlike original variants, which were pushed via torrent sites, new Shlayer samples are now spread via fake update pop-ups shown on hijacked domains or clones of legitimate sites, or in far-reaching malvertising campaigns plaguing legitimate websites.

After infecting a Mac, Shlayer installs the mitmdump proxy software and a trusted certificate to analyze and modify HTTPS traffic, allowing it to monitor the victims’ browser traffic or inject ads and malicious scripts in visited sites.

Even worse, this technique allows the malware to alter encrypted traffic, such as online banking and secure email.

While Shlayer’s creators currently only deploy only adware as a secondary payload, they can quickly switch to more dangerous payloads such as ransomware or wipers at any time.

One more zero-day exploited in the wild fixed today

Today, the company another WebKit Storage zero-day bug exploited in the wild, tracked as CVE-2021-30661, and impacting iOS and watchOS devices by improving memory management.

The vulnerability allows attackers to execute arbitrary code after tricking targets into opening a maliciously crafted website on their devices.

The list of affected devices includes those running:

  • Apple Watch Series 3 and later
  • iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

In total, with today’s security updates for macOS and iOS bugs exploited in the wild, Apple has addressed nine zero-days since November.

Also Read: What Does A Data Protection Officer Do? 5 Main Things

The company patched three other iOS zero-days—a remote code execution bug (CVE-2020-27930), a kernel memory leak (CVE-2020-27950), and a kernel privilege escalation flaw (CVE-2020-27932)—affecting iPhone, iPad, and iPod devices in November.

In January, Apple fixed a race condition bug in the iOS kernel (tracked as CVE-2021-1782) and two WebKit security flaws (tracked as CVE-2021-1870 and CVE-2021-1871).

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us