One of the vulnerabilities addressed by Apple in its recent set of security updates for macOS is an arbitrary code execution flaw that could be exploited via malicious USB devices.
Discovered by Trend Micro security researchers and reported to Apple in April 2017, the issue resides in fsck_msdos, a system tool designed to check for and fix errors in devices formatted with the FAT filesystem. The researchers found that because macOS invokes the tool automatically when a device using the FAT filesystem (such as a USB disk or SD card) is inserted, the flaw could allow malicious devices to execute arbitrary code when they are connected to a Mac.
The vulnerability is caused by a memory corruption issue, and its exploitation could lead to an attacker taking full control of a vulnerable system, Trend Micro says.
“We do not believe that this attack has been used in the wild. We strongly recommend that users update their software to address this flaw, as well as the others that were part of this update cycle,” the security researchers note.
Trend Micro found that malicious code could overwrite a byte containing the high-order bits of a memory address with an arbitrary value, making the address point somewhere else.
“If the target address is sprayed with a malformed dosDirEntry structure, arbitrary code execution is now possible. This can potentially allow an attacker to take over the vulnerable device,” the security researchers note.
Tracked as CVE-2017-13811, the vulnerability was addressed by Apple with the release of macOS High Sierra 10.13.1 (along with Security Update 2017-001 Sierra and Security Update 2017-004 El Capitan), which fixed approximately 150 vulnerabilities, including 3 KRACK-related flaws.
Trend Micro explains that fsck_msdos is also used in other BSD-based operating systems, as well as in Android. Because of that, other vendors, including Google, were also informed of the vulnerability.
However, it appears that the issue won’t be resolved in Android, because “fsck_msdos runs under a very restricted SELinux domain.” Nevertheless, Google is apparently looking into addressing the bug in a future release of the operating system, the researchers note.
IT administrators are advised to restrict USB access to devices to reduce the impact of this vulnerability, especially given that this is a technique commonly used by malware to get into targeted systems. They should also consider physical controls for particularly complex devices.