A former NSA researcher has found a way to trick Apple’s security system using surprisingly simple tools.
An infected Office document and a .zip file are enough for hackers to take control of devices running macOS, former NSA researcher Patrick Wardle has found. Wardle, a security specialist who currently works for cyber security company Jamf, says that even macOS Catalina systems with all existing security updates are at risk.
The attack requires an Office document saved in .slk format that causes Office on the target machine to activate macros without the user’s consent or notification. The hacker can then exploit two additional vulnerabilities to gain full control of the system.
Apple’s macOS has a very good reputation for privacy and security, and Apple’s devices are considered virtually unbreakable. Wardle says this reputation encourages users and security professionals to underestimate the threat.
Wardle reported the problem to Apple, but the company has not yet responded publicly to the report.