Here at Macworld, we advise users to update their operating system as soon as possible after Apple releases one. A recent report by Thijs Alkemade, security researcher at cybersecurity firm Computestreminds, reminds us of the main reason: they often contain critical security patches.
As reported by Wired, the macOS vulnerability was discovered in macOS’ Saved State feature, which automatically reopens open apps and files when you restart a Mac. Alkemade, who discovered the hole in December 2020, was able to successfully perform a process injection attack against the Mac’s saved state. He was then able to bypass several other Mac security features and then access the user files, change system settings, and use the webcam. Wired said there is no evidence that this bug has been used in the real world.
The bug, which was filed as CVE-2021-30873 in the National Vulnerability Database, was addressed with the macOS Monterey 12.0.1 update released on October 25, 2021. For macOS Catalina, a support document that the security update 2021 -007 released on October 24, 2021 contains a patch for the same vulnerability. There doesn’t seem to be a patch available for Big Sur. Versions of macOS earlier than Catalina (version 10.14.6 Mojave and earlier) are considered unsupported or outdated by Apple. A similar bug has also been fixed in iOS 14.5 and iPadOS 14.5.
A blog post on the Computest website explains the attack in detail and also shows how the solution can be seen with Xcode, Apple’s integrated development environment (IDE) app for writing software. It’s all very technical, but you don’t have to be an engineer to understand this caveat: “If we are exempt from the restrictions of the SIP file system, we can read all files from secure locations, such as the Mail.app mailbox of the user,” writes Alkemade. “We can also modify the TCC database, which means we can give ourselves permission to access the webcam, microphone, etc.”
Alkemade also presented his findings at the Black Hat 2022 conference last week and his presentation slides are available online. Security researchers often disclose their findings after reporting to the affected companies and fixing vulnerabilities.
Updates to macOS are free. An internet connection is required and your Mac must be restarted. Please allow about 30 minutes to complete the installation. These are the steps to perform the installation:
- Go to System Preferences in the Apple menu
- click on Software update.
- Your Mac checks for updates. If yes, a to install button will appear. Click on it and your Mac will start downloading the update. After that it will start the installation.