macOS 11.3 Patches Security Vulnerability That Bypassed Built-In Malware Protections
Apple today confirmed to TechCrunch that the just-released macOS 11.3 software update patches a security vulnerability that reportedly could have allowed a hacker to remotely access a user's sensitive data by tricking a user into opening a spoofed document.
"All the user would need to do is double click — and no macOS prompts or warnings are generated," said security researcher Cedric Owens, who discovered the vulnerability in mid-March, according to the report. Owens developed a proof-of-concept app masquerading as a harmless document that exploits the bug to launch the Calculator app, but he said the vulnerability could be exploited for more nefarious purposes.
According to security researcher Patrick Wardle, the vulnerability was the result of a logic bug in macOS's underlying code.
"In simple terms, macOS apps aren't a single file but a bundle of different files that the app needs to work, including a property list file that tells the application where the files it depends on are located," explains TechCrunch. "But Owens found that taking out this property file and building the bundle with a particular structure could trick macOS into opening the bundle — and running the code inside — without triggering any warnings."
In addition to fixing the bug in macOS 11.3, Apple told TechCrunch it patched earlier macOS versions to prevent abuse, and updated macOS's built-in anti-malware system XProtect to block malware from exploiting the vulnerability. The report says the bug was exploited for months, but it's unclear how many users were impacted.
Popular Stories
Apple's iPhone 17 Pro and iPhone 17 Pro Max models will feature a number of significant display, thermal, and battery improvements, according to new late-stage rumors.
According to the Weibo leaker known as "Instant Digital," the iPhone 17 Pro models will feature displays with higher brightness, making it more suitable for use in direct sunlight for prolonged periods. The iPhone 16 Pro and...
Apple is expected to unveil the iPhone 17 series on Tuesday, September 9, and last-minute rumors about the devices continue to surface.
The latest info comes from a leaker known as Majin Bu, who has shared alleged images of Apple's Clear Case for the iPhone 17 Pro and Pro Max, or at least replicas.
Image Credit: @MajinBuOfficial
The images show three alleged changes compared to Apple's iP...
Apple will launch its new iPhone 17 series this month, and the iPhone 17 Pro models are expected to get a new design for the rear casing and the camera area. But more significant changes to the lineup are not expected until next year, when the iPhone 18 models arrive.
If you're thinking of trading in your iPhone for this year's latest, consider the following features rumored to be coming to...
Just one week before Apple is expected to unveil the iPhone 17 series, an analyst has shared new price estimates for the devices.
Here are J.P. Morgan analyst Samik Chatterjee's price estimates for the iPhone 17 series in the United States, according to 9to5Mac:
Model
Starting Price
Model
Starting Price
Change
iPhone 16
$799
iPhone 17
...
An iPhone 17 announcement is a dead cert for September 2025 – Apple has already sent out invites for an "Awe dropping" event on Tuesday, September 9 at the Apple Park campus in Cupertino, California. The timing follows Apple's trend of introducing new iPhone models annually in the fall.
At the event, Apple is expected to unveil its new-generation iPhone 17, an all-new ultra-thin iPhone 17...
Apple is preparing to release iOS 18.7 for compatible iPhone models, according to evidence of the update in the MacRumors visitor logs.
We expect iOS 18.7 to be released in September, alongside iOS 26. The update will likely include fixes for security vulnerabilities, but little else.
iOS 18.7 will be one of the final updates ever released for the iPhone XS, iPhone XS Max, and iPhone XR,...
A new survey has found that nearly seven in ten iPhone owners in the United States plan to upgrade to an iPhone 17 model, signaling strong demand ahead of Apple's expected unveiling of the devices at its September 9 keynote.
Smartphone price comparison platform SellCell surveyed over 2,000 U.S.-based iPhone users in August to assess upgrade interest and brand loyalty before Apple's event....
