Two new Mac exploits discovered recently are good reminders of best practices for staying safe, such as not letting strangers access your computer, staying up to date with software updates, and getting your software from known trusted sources.
The first exploit involves Parallels, the virtual machine that allows the Mac to run Windows, Linux, and older versions of macOS. The vulnerability is on Intel Macs running Parallels and allows an attacker to gain root access by exploiting holes in the Parallels VM creation routine. The attacker needs to have access to the Mac to perform this, however.
Researcher Mickey Jin decided to post about the vulnerability that was reported to Parallels seven months ago, in an attempt to get the company to issue a fix. Parallels has posted a knowledgebase article about the flaw, stating that Parallels Desktop 20.2.2 and Parallels Desktop 19.4.2, which will include fixes, will be issued within this week. Apple silicon Macs are not affected.
The other new exploit, reported by security firm Proofpoint, involves a new malware called FrigidStealer. The attack occurs when a user gets an email containing a URL, and when the user opens it, a webpage launches with an alert stating that the browser needs to be updated. When the Update button is clicked, an installer is saved to the Mac, and the user is instructed to open it by Control-clicking on the app icon and selecting Open from the pop-up menu. Opening the file this way bypasses Gatekeeper, macOS’s built-in security that checks for malicious apps. This then installs the malware.
The FrigidStealer malware attacks have been targeting users outside of North America. If installed, it records information and files related to passwords, browser cookie data, and anything created in Apple Notes.
How to protect yourself
The easiest way to protect yourself from malware is to avoid downloading software from repositories such as GitHub and other download sites. Apple has vetted software in the Mac App Store and is the safest way to get apps. If you prefer not to patronize the Mac App Store, then buy software directly from the developer and their website. If you insist on using cracked software, you will always risk malware exposure.
Never open links in emails or texts you receive from unknown and unexpected sources. If you get a message that looks like it is from an entity that you do business with, check the sender’s email address, and inspect the URL carefully. If you see a link or button, you can Control-click it, select Copy Link, and then paste it into a text editor to see the actual URL and check it.
Apple releases security patches through OS updates, so installing them as soon as possible is important. It’s also important to update the apps on your Mac, which you can do through the App Store or through the app’s settings. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.
