A new adware exploit has been discovered recently. Named “Cavallarin” after its founder, the exploit allows for the unwarranted download of various ads onto the users Mac device, all while being trusted by Apple’s macOS Gatekeeper.
How the Cavallarin Exploit Works
The exploit takes advantage of Mac’s Gatekeeper protection service, allowing for malicious apps to trick the Gatekeeper into thinking they are Apple-certified applications, granting them elevated access to the device. This is a serious concern that Apple has yet to address, even after Filippo Cavallarin approached them with the discovery. When the Gatekeeper is operating properly, it will prompt the user, informing them that the application they are attempting to install is not Apple-certified and could be hazardous. However, if the application takes advantage of the exploit, this prompt will never occur, and the device will become infected.
How to Prevent Your Mac Device from Exploitation
For now, the easiest method of prevention would be to only download applications that are 100% known to be Apple-certified. Even then, it is smart to remain vigilant regarding any application you are download, always airing on the side of caution. For now, with no comment from Apple regarding the exploit yet, it is hard to say when a patch will be created and pushed to users. If you are still worried about the potential exploitation of your device, Intego’s free VirusBarrier Scanner is able to check your system for apps using the exploit. These threats will appear as “OSX/Linker.”