Apple Patches Flaw in macOS Big Sur Upgrade
Vulnerability Could Lead to Data Loss
Apple has patched a vulnerability in macOS Big Sur 11.2 and 11.3 upgrades that could have resulted in users getting stuck in a boot loop, suffering serious data loss and potentially getting locked out of their data.
The vulnerability arose because the installers fail to check the available disk space, according to Mr. Macintosh, a website that publishes news on Apple and macOS. As a result, the upgrade could result in devices getting stuck in a boot loop. And if the user's device has been encrypted using FileVault, the flaw could result in them being locked out of their data.
The upgrade file requires 35.5GB, while the installer requires 13GB. So, users with more than 13GB of free disk space but less than 35.5GB were particularly vulnerable to this flaw.
"The upgrade will start even if you only have 1% of free space left and will fail," reports Mr. Macintosh, which analyzed the vulnerability. "Your hard drive is now 100% full and the installer is now stuck in a boot loop attempting to finish the install. This leaves you unable to access your data."
On Monday, the publication confirmed that Apple had released a revised version - macOS Big Sur 11.2.1, 20D7 - that checks for disk space, eliminating the flaw.
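For admins staging the upgrade on machines that may still receive an older installer, a free-space gate built on the two figures above can run first. This is an added example, not Apple's or Mr. Macintosh's code; the function names are hypothetical and the 13GB and 35.5GB figures are read as decimal gigabytes, which is an assumption.

```shell
#!/bin/sh
# Added example: free-space gate to run before staging the Big Sur upgrade.
# Thresholds are the article's figures, read as decimal GB (assumption).
INSTALLER_BYTES=13000000000   # 13 GB installer
UPGRADE_BYTES=35500000000     # 35.5 GB needed by the upgrade

# Bytes -> KiB, rounded up, to match the units of `df -Pk`.
to_kib() { echo $(( ($1 + 1023) / 1024 )); }

# Print the "Available" column (KiB) of a one-volume `df -Pk` report on stdin.
# Fails if the data line is missing or the field is not a number.
parse_df_avail() {
    awk 'NR == 2 && $4 ~ /^[0-9]+$/ { print $4; ok = 1 } END { exit !ok }'
}

# Map free KiB to a verdict; only "ok" returns 0 so callers can gate on it.
classify_free_space() {
    case $1 in
        '' | *[!0-9]*) echo unknown; return 2 ;;
    esac
    if [ "$1" -lt "$(to_kib "$INSTALLER_BYTES")" ]; then
        echo insufficient; return 1   # the installer itself does not fit
    elif [ "$1" -lt "$(to_kib "$UPGRADE_BYTES")" ]; then
        echo at-risk; return 1        # the window the article flags
    fi
    echo ok
}

# Classify a `df -Pk` report read from stdin; unparsable input is "unknown".
check_df_report() {
    avail=$(parse_df_avail) || { echo unknown; return 2; }
    classify_free_space "$avail"
}

# Check the volume that holds the given path.
preflight() { df -Pk "$1" | check_df_report; }

# When run with a path argument, print the verdict and exit with its status.
if [ "$#" -gt 0 ]; then
    preflight "$1"
    exit $?
fi
```

Run it with the data volume's mount point as the argument and start the installer only on exit status 0.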
Released in June 2020, macOS Big Sur is the 17th and current major release of macOS. This version has a new design interface and it is compatible with multiple products.
Apple did not immediately respond to a request for comment.
Bad Patch Management
The flawed update was a case of bad patch management and was unlikely to be a security issue that attackers would exploit, says Joseph Neumann, a director at the security firm Coalfire.
"Attackers really don’t have use for going after this [vulnerability] due to the fact that it’s easier just to deploy ransomware if you have this level of access," Neumann says.
Jon Gulley, senior application security penetration tester at the security firm nVisium, points out that "there is always some risk when updating core systems. Flaws like this one drive home the importance of performing regular backups not just for businesses, but also for consumers. This also underscores the importance of proper quality assurance checks and staged roll-outs so that these issues can be caught early and remedied prior to public release."
Devices running macOS also face new cyberthreats.
In January, security researchers at Sentinel Labs identified an updated version of the cryptominer OSAMiner that targets the macOS operating system to mine for monero (see: Updated macOS Cryptominer Uses Fresh Evasion Techniques).
That same month, researchers at Intezer Labs uncovered a campaign using a remote access Trojan dubbed ElectroRAT that had been stealing cryptocurrency from digital wallets on Windows, Linux and macOS platforms (see: ElectroRAT Malware Targets Cryptocurrency Wallets).
In December 2020, researchers at Trend Micro uncovered a macOS backdoor variant linked to an advanced persistent threat group operating from Vietnam. The malware used an updated backdoor and multistage payloads as well as anti-detection techniques to help bypass security tools (see: Fresh MacOS Backdoor Variant Linked to Vietnamese Hackers).