Those might seem like decent preventative measures, but as Karim said, the attacker can control much of what’s inside the Safari alert to make their malware appear innocuous. And if the user clicks allow, there will be another request from Apple’s Gatekeeper security feature, which will again ask the user if they really want to install the files. The latest versions of Safari will show a prompt asking the user to confirm they want to run those custom URL schemes. There are some barriers the WindShift hackers had to overcome to successfully infect their targets. This same method wouldn’t have worked on Windows, according to Karim, who said Microsoft had added extra protections to prevent such attacks. Looking across major desktop operating systems, the problem may be unique to Apple.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |