15-year-old Apple OS flaw could allow ‘limitless damage’

Published on: 13 Jun 2018

Hackers may have been “hiding in plain sight” for years on Apple devices after a 15-year-old vulnerability was exposed by a cyber security researcher.

According to researchers at San Francisco-based cloud security company Okta, the flaw allows hackers to install malicious software on devices such as MacBooks and, from there, access personal, financial and sensitive information by fooling security products into thinking the software is safe.

The software could get hackers past antivirus protection by passing itself off as Apple's own, exploiting the way security products check ‘code signing’.

Devices running current versions of macOS are said to be at risk, but it is unclear whether any attacks have been carried out as a result of the weakness.

Speaking to the Telegraph, Okta security chief Yassir Abousselham warned: “If you are someone who uses your computer at work and for personal use, they can potentially install ransomware or get access to anything you do - be it your personal financial information, photos, or critical business intelligence.

“Once you're in, the damage you can do is limitless.”

Apple has responded to the news, saying that third-party vendors such as Google and Facebook were to blame for failing to follow the steps laid out when adding ‘code signing’ features.