Actively exploited Mac 0-day neutered core OS security defenses

Apple fixes macOS vulnerability hackers exploited to suppress security warnings.

Actively exploited Mac 0-day neutered core OS security defenses

Enlarge (credit: Getty Images)

When Apple released the latest version 11.3 for macOS on Monday, it didn't just introduce support for new features and optimizations. More importantly, the company fixed a zero-day vulnerability that hackers were actively exploiting to install malware without triggering core Mac security mechanisms, some that were in place for more than a decade.

Together, the defenses provide a comprehensive set of protections designed to prevent users from inadvertently installing malware on their Macs. While one-click and even zero-click exploits rightfully get lots of attention, it’s far more common to see trojanized apps that disguise malware as a game, update, or other desirable piece of software.

Protecting users from themselves

Apple engineers know that trojans represent a bigger threat to most Mac users than more sophisticated exploits that surreptitiously install malware with minimal or no interaction from users. So a core part of Mac security rests on three related mechanisms:

Read 16 remaining paragraphs | Comments

Urheberrecht & DSGVO: Betrüger nehmen mit gefälschten Anwälten Infos aus dem Netz

Betrüger versuchen mit schmutzigen Tricks, Inhalte aus dem Netz zu entfernen. Ein Hoster kam ihnen mit einer forensischen Analyse auf die Schliche. (Urheberrecht, Datenschutz)

Betrüger versuchen mit schmutzigen Tricks, Inhalte aus dem Netz zu entfernen. Ein Hoster kam ihnen mit einer forensischen Analyse auf die Schliche. (Urheberrecht, Datenschutz)

Zu giftig für Europa – gut genug für den Export?

Geschäfte mit Pestiziden: Entwicklungspolitisches Netzwerk erhebt schwere Vorwürfe gegen deutsche Chemieriesen und kritisiert Gesetzgebung als fahrlässig

Geschäfte mit Pestiziden: Entwicklungspolitisches Netzwerk erhebt schwere Vorwürfe gegen deutsche Chemieriesen und kritisiert Gesetzgebung als fahrlässig

Legislation would mandate driver-monitoring tech in every car

Distracted driving claimed more than 3,000 lives in the US in 2019.

A surprised woman gleefully lets go of her car's steering wheel.

Enlarge / A woman test drives Cadillac's Super Cruise hands-free driver-assistance feature in 2018. Super Cruise includes a camera-based eye-tracking technology to ensure drivers are watching the road. (credit: Alexander Tamargo/Getty Images for Cadillac)

Three United States senators on Monday proposed legislation that would require all new cars in the United States to have driver-monitoring systems within six years. Two of the legislation's sponsors—Ed Markey (D-MA) and Richard Blumenthal (D-CT)—recently sent a letter to federal regulators expressing concern about last week's fatal Tesla crash in Texas.

It's not clear how a 2019 Tesla Model S wound up crashing into a tree at high speed in a residential neighborhood outside Houston. Police reported that neither of the vehicle's two passengers was in the driver's seat: one was in the front passenger seat, while the other was sitting in a rear seat.

The crash has drawn more attention to the long-running debate over adding driver-monitoring technology to cars. A few carmakers have already adopted robust driver-monitoring technology. Cadillac's Super Cruise driver-assistance technology, for example, uses a driver-facing camera to verify that the driver's eyes are focused on the road. Drivers can take their hands off the wheel while Super Cruise is active. But if they stop looking at the road ahead, Super Cruise will warn them and eventually disengage.

Read 8 remaining paragraphs | Comments