You might consider Safari to be the safest web browser for macOS, but one security researcher has shown that it’s not completely unhackable.
That researcher, Patrick Wardle, has demonstrated how hackers can do just that: remotely infect a Mac with malicious software using one of Safari's vulnerabilities. Apple’s built-in macOS protections can do nothing to stop it.
As Apple machines have risen in popularity, an increase in attacks has followed. When Windows computers were more popular, hackers aimed their malicious viruses in that direction. That direction has now shifted to the Mac. The days when you could use a Mac without the fear of it being infected are long gone. Wardle’s exploit proves that simply browsing the web in Safari can lead to serious problems.
Safari exploit leaves users open to attack
Wardle has revealed how an attacker can take advantage of the way Safari processes document and URL handlers to inject malware onto a Mac. It starts when a user visits a malicious website.
"Once the target visits our malicious website, we trigger the download of an archive (.zip) file that contains our malicious application,” Wardle explained. “If the Mac user is using Safari, the archive will be automatically unzipped, as Apple thinks it’s wise to automatically open “safe” files."
"This fact is paramount, as it means the malicious application (vs. just a compressed zip archive) will now be on the user’s file-system, which will trigger the registration of any custom URL scheme handlers! Thanks Apple!"
"The malicious website can then run code that causes macOS to launch the malicious application. A popup will ask the user whether they wish to “Allow” or “Cancel” the process, but the text in it is controlled by the attacker and can be deceiving."
It's up to you to keep your Mac safe
Apple’s built-in defenses in macOS can’t protect against this kind of attack. Stopping it would require a change in the way Safari manages document and URL handlers. Apple could revoke a malicious app’s certificate, but by the time the app is identified, it will be too late for those who have already installed it.
There is something you can do, however. Preventing Safari from opening “safe” files stops this malware before it attacks. All you need to do is select Preferences… in Safari’s menu bar, then uncheck the option to Open “safe” files after downloading.
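The attack described above depends on an unzipped application sitting on disk and declaring a custom URL scheme. As an added example (not code from this article or from Wardle), the Python script below lists every .app bundle under a folder that declares URL schemes in its Info.plist. The function names and the sample bundles are assumptions constructed for the demonstration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def _as_list(value):
    """Treat anything that is not a list as empty, so malformed plists cannot crash the scan."""
    return value if isinstance(value, list) else []


def url_schemes(app: Path) -> list[str]:
    """Return the custom URL schemes an .app bundle declares in its Info.plist."""
    try:
        with (app / "Contents" / "Info.plist").open("rb") as fh:
            info = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return []  # missing or unparsable plist: nothing to report
    if not isinstance(info, dict):
        return []
    schemes = []
    for url_type in _as_list(info.get("CFBundleURLTypes")):
        if isinstance(url_type, dict):
            found = _as_list(url_type.get("CFBundleURLSchemes"))
            schemes += [s for s in found if isinstance(s, str)]
    return schemes


def audit(root: Path) -> dict[str, list[str]]:
    """Map each .app bundle under root to the URL schemes it declares."""
    findings = {}
    for app in sorted(root.rglob("*.app")):
        schemes = url_schemes(app) if app.is_dir() else []
        if schemes:
            findings[str(app.relative_to(root))] = schemes
    return findings


def make_sample(root: Path) -> None:
    """Build constructed sample input: one bundle with a URL scheme, one without."""
    for name, info in (
        ("Unzipped.app", {"CFBundleURLTypes": [{"CFBundleURLSchemes": ["examplescheme"]}]}),
        ("Plain.app", {"CFBundleName": "Plain"}),
    ):
        contents = root / name / "Contents"
        contents.mkdir(parents=True)
        with (contents / "Info.plist").open("wb") as fh:
            plistlib.dump(info, fh)


if __name__ == "__main__":
    # Demo on constructed input; on a real Mac, call audit(Path.home() / "Downloads").
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(Path(tmp))
        for bundle, schemes in audit(Path(tmp)).items():
            print(f"{bundle}: {', '.join(schemes)}")
```

Any bundle reported in a downloads folder that you did not deliberately install deserves a closer look before it is opened or moved to Applications.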
I know that these articles are scary, but they are only meant to inform you so you can protect your data. Being a smart and educated consumer can save you from the hassle and upset that malware can cause.