Most of the time Mac owners don’t have to take security concerns as seriously as their PC counterparts, as most malware infects Windows computers rather than macOS machines.
Enter the latest malware with the catchy name “CVE-2021-30657.” Security researcher Cedric Owens uncovered this insidious bug and reported it to Apple on March 25, 2021, and a patch was created just five days later.
The bug Owens discovered presented a huge vulnerability impacting all Mac users running recent versions of the Mac operating system. It bypasses all of the security protections within the Mac OS, including Gatekeeper, a system developed specifically to prevent such intrusions, and would, in theory, allow a malicious actor to install malware onto a computer without any evidence that it had occurred. As Owens wrote,
“This payload can be used in phishing and all the victim has to do is double click to open the .dmg and double-click the fake app inside of the .dmg — no pop ups or warnings from macOS are generated.”
Owens credited another coder, Patrick Wardle, for going deeper and helping to figure out what the malicious code might accomplish. Following their work, the team at Jamf showed how the bug could be downloaded through “poisoned search engine results” (pages purporting to be legitimate search results but which actually contain malware). Wardle documented the actions of the bug in great detail on the blog Objective-See, and noted, “This bug trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk.”
Because the bug affects so many Mac users, Apple has already issued a patch to lock down your computer. If you haven’t already done so, it’s critical that you immediately update your macOS to Big Sur version 11.3. If you are still running Catalina and don’t wish to upgrade to Big Sur, be sure to look for the recent security patches for your OS and update accordingly.
In other news
- The truth is out there… and may be revealed soon. According to whistleblower Luis Elizondo, former head of the U.S. Government’s now-disbanded Advanced Aerospace Threat Identification Program, we may all be finding out the truth behind “unidentified aerial phenomena,” or what we all know as UFOs.
The New York Post reports that a new law will require the U.S Government to come clean on what it knows about UFOs. Tied to an appropriations bill passed in 2020, U.S. agencies are required within 180 days of the law’s enactment to divulge data on airborne devices originating from other countries, but also ostensibly information on those of extraterrestrial origin.
Will we finally find out that we’re not alone in the universe? Stay tuned.
- WordPress giving Creative Commons Search a new lease on life. WP Tavern reported that WordPress.org will be the new home for Creative Commons search. Keeping this project alive means that people will continue to be able to find CC-licensed images for their websites, and Automattic (the company that runs WordPress.com) will be sponsoring team members to maintain it.
As WordPress co-founder Matt Mullenweg said on his blog, “I am a long-time supporter of Creative Commons and their influential work on open content licenses… I am eager to give a new home to their open search product on WordPress.org in continued commitment to open source freedoms, and providing this community resource for decades to come.”
- New research confirms what we knew all along. Microsoft recently released the outcome of brain research to help us understand how remote work affects us. The company was particularly interested in how virtual meetings (such as you might experience in Zoom or Microsoft Teams) impact our stress levels and productivity. Their findings:
- Breaks are good, as they allow our brains to reset and therefore reduce stress
- Back-to-back meetings hinder our ability to focus and inclination to interact with colleagues
- The transition period from one meeting to another is stressful
As a result, Microsoft is looking at ways to build in breaks of 5-15 minutes between online calls. But it seems to us that they could have just asked their employees if back-to-back meetings were working for them.
- NYPD “kills” robot dog. Just last week we reported on the New York Police Department’s newest crimefighter, “Digidog,” a robotic dog the department hoped to use for police work. Gizmodo reports that after significant backlash from residents, politicians, and civil liberties groups such as the ACLU, the NYPD has terminated its contract with Boston Dynamics, the creators of the robot.
Tip of the week
Always renew your domains before they expire!
On April 21, Argentinian Nicolas Kuroña discovered the Argentinian Google domain google.com.ar was available for purchase for the low price of US $5.81. As reported in The Business Standard, he scooped it up, shutting down the localized version of Google for about three hours in the process.
While things were quickly resolved, and Google access was quickly restored to Argentina, it serves as a reminder that it’s important to stay on top of your domain expiration dates.
At Namecheap, we will always attempt to contact you several times by email before your domains expire. Or you can keep your domains safe by turning on auto-renewal for each of your domains. This way, you can ensure that you won’t lose your domain and all of the brand recognition and web traffic you’ve built up over time.
[News] Mac owners face critical security bug .