
There are two new reports of Mac malware in the wild, with the first of them set to be blocked by an update expected this week.
There’s no word yet on a fix for the second, but you’d have to be a pretty naive Mac user to fall for it …
Mac malware exploits Parallels vulnerability
Macworld reports that the first was publicly revealed by security researcher Mickey Jin after he spent seven months trying to get Parallels to fix it.
The exploit involves Parallels, the virtual machine software that allows the Mac to run Windows, Linux, and older versions of macOS. The vulnerability affects Intel Macs running Parallels and allows an attacker to gain root access by exploiting holes in the Parallels VM creation routine.
Admittedly it wasn’t a major threat, as an attacker would need physical access to your Mac to exploit it, but the company has now said it will plug the hole this week.
Parallels has posted a knowledgebase article about the flaw, stating that Parallels Desktop 20.2.2 and Parallels Desktop 19.4.2, which will include fixes, will be issued this week.
FrigidStealer
A second example, FrigidStealer, can be remotely exploited, and it aims to steal your passwords. However, only a naive Mac user would fall for it, as you’d have to first be fooled into clicking on a link and then follow instructions to bypass Gatekeeper.
The attack begins when a user receives an email containing a URL. When the user opens it, a webpage launches with an alert stating that the browser needs to be updated. When the Update button is clicked, an installer is saved to the Mac, and the user is instructed to open it by Control-clicking on the app icon and selecting Open from the pop-up menu. Opening the file this way bypasses Gatekeeper, the built-in macOS security feature that checks for malicious apps. This then installs the malware.
The usual safety precautions apply. Never click on a link you weren’t expecting, and always access sensitive sites using your own bookmarks. Only install software from the Mac App Store or from the websites of developers you trust.