CybersecurityDigital IndiaLatest NewsTechnology

Tenable Research Discloses Security Bypass Issues Affecting macOS Installers

India's Cyber Security Market To Touch $35 Bn By 2025

Tenable Research has today disclosed multiple security-related issues affecting macOS application installers. These issues include the ability to bypass default macOS security mechanisms regarding signed application installers, which are designed to prevent malicious scripts from running. The team also warned all application developers about a possible security “gotcha” to be aware of when generating installers for their applications.

Installing new applications is something every macOS user is familiar with. The flaws identified by Tenable, and discussed in this blog post, have the potential to affect each and every user that ever has a need to install a new application, particularly applications that require a password to be entered before installation, such as Microsoft Teams.

The flaws identified could also allow malicious actors that have previously gained access to the system to elevate their privileges without the user being notified. This would give an attacker complete control over the user’s system. This could allow the attacker to spread malware, steal confidential information, or a number of other nefarious tasks.

These issues remain unpatched. Apple has stated that the security bypass method identified by Tenable Research is expected behavior and operates as intended. Apple also said that the security enhancement recommended by Tenable for the installer subsystem is the responsibility of individual developers and is not a security issue, despite having fixed a similar issue reported in 2020.

ITN
Today we live in a T-shaped world. While broad knowledge across the ecosystems is critical, deep insights and expertise of Subject Matter Experts help organizations leapfrog. At IndiaTechnologyNews, we cover much more than news, views and analysis, and we feature SMEs to help translate their knowledge to wider audiences. Reach me at editor@indiatechnologynews.in

You may also like