MacOS Big Sur: creating a user profile will be more secure

MacOS Big Sur: creating a user profile will be more secure Cybersecurity

With macOS 11, or Big Sur, Apple is removing the possibility of creating and configuring macOS user profiles from command lines.

Practical but abused functionality

This capability was previously an essential feature of the macOS enterprise software package, allowing system administrators to deploy new configurations throughout the enterprise through automated scripts.

However, this feature was also abused by cyber attackers or strains of adware, because it was silent and did not require any type of user interaction.

Cyber ​​attackers, to access Mac deployment servers or infect a single computer, used a command line to deploy their own malicious configurations in order to bypass proxy settings, modify default applications, etc.

Installing a macOS profile now requires user interaction

However, macOS 11 is the end of the silent installation flaw when it comes to creating a new user profile.

“From macOS Big Sur, it will no longer be possible to completely install profiles using the terminal,” announced Kevin Milden, Interface Designer at Apple, at WWDC 2020.

The designer adds that if we try to install a user profile using the usual command line, then it will be considered “downloaded”, and we will then have to install it manually from the Users panel in System Preferences . Thus, interaction with the user and a physical presence of the user will be necessary to carry out the operation.

Thus, we move from a “silent” technique abused by malware and adware to the need to use social engineering processes, making tactics much less effective.

A novelty acclaimed by the field of cybersecurity

Apple’s decision has already been greeted with joy by the malware community.

“Apple has done EXACTLY what I hoped they would do to deal with the scourge of adware setting up malicious user profiles,” said Thomas Reed, Mac and mobile manager at Malwarebytes, in a tweet.

MacOS 11 Big Sur is expected to be released this fall.

Source: ZDNet.com



Source: www.zdnet.fr

Rate article