
Three months ago, a vulnerability was discovered in the Gatekeeper feature, which is supposed to protect macOS from malicious software. It did not take long for the first exploitation attempts to appear.

Gatekeeper is designed to control which applications run on a Mac. Software that is not signed by Apple is flagged by the system as potentially dangerous and requires additional permission from the user before installation.

However, security expert Filippo Cavallarin discovered a problem with the app signature check itself. The authenticity check can in fact be bypassed in a certain way.

In its current version, Gatekeeper treats external drives and network storage as "safe locations". This means it allows any application to run from these locations without checking it again. In this way, the user can be tricked into unknowingly mounting a drive or storage location. Anything in that folder then passes through Gatekeeper easily.

In other words, a single signed application can open the way for many others that are not signed. Cavallarin reported the security flaw to Apple and then waited 90 days for a response. After this period he was entitled to publish the bug, which he eventually did. No one from Cupertino responded to his effort.

Vulnerability in the Gatekeeper feature in macOS
The first attempts to exploit the vulnerability lead to DMG files

Meanwhile, the security firm Intego has detected attempts to exploit exactly this vulnerability. Late last week, its malware team discovered an attempt to distribute malware using the method described by Cavallarin.

The bug as originally described used a ZIP file. The new technique, on the other hand, tries its luck with a disk image file.

The disk image was either in ISO 9660 format with a .dmg extension, or directly in Apple's .dmg format. Normally an ISO image uses the extension .iso or .cdr, but on macOS .dmg (Apple Disk Image) is far more common. This is not the first time malware has tried to use these files, apparently to evade anti-malware programs.

Intego captured a total of four different samples, which were caught by VirusTotal on June 6. The individual detections were only hours apart, and all of the samples were linked over the network to an NFS server.

The adware masquerades as an Adobe Flash Player installer

OSX/Surfbuyer adware disguised as Adobe Flash Player

The experts were able to determine that the samples resemble the OSX/Surfbuyer adware. This adware is malware that annoys users not only while they browse the web.

The files were disguised as Adobe Flash Player installers. This is essentially the way malware developers try to convince users to install malware on their Mac. The fourth sample was signed with the developer account Mastura Fenny (2PVD64XRF3), which has been used for hundreds of fake Flash installers in the past. All of them fall under the OSX/Surfbuyer adware.

So far, the captured samples have done nothing except create a temporary text file. Because the applications are dynamically linked inside the disk images, it is easy to change the server location at any time, and to do so without modifying the distributed malware. It is therefore likely that the creators, after testing, have already prepared "production" applications that carry malware. These need not have been caught by anti-malware on VirusTotal.
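
A defender-side check for the linking trick described above, as an added example that is not from the article, Intego or Cavallarin: it walks a mounted disk image or an extracted archive and reports every symbolic link that points outside it. It assumes the "link" is a symbolic link and that `/net/` and `/Volumes/` are the mount prefixes of interest; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Assumed macOS prefixes for automounted network shares and external volumes.
MOUNT_PREFIXES = ("/net/", "/Volumes/")


def find_external_links(root):
    """Return (relative_path, target, verdict) for each symlink leaving `root`.

    Targets are normalised lexically; nothing is resolved on disk, so the scan
    never touches (or auto-mounts) the remote location a link points at.
    """
    root = os.path.abspath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.readlink(path)
            resolved = os.path.normpath(os.path.join(dirpath, target))
            if resolved == root or resolved.startswith(root + os.sep):
                continue  # link stays inside the image: not reported
            on_mount = (resolved + "/").startswith(MOUNT_PREFIXES)
            verdict = "mount" if on_mount else "external"
            findings.append((os.path.relpath(path, root), target, verdict))
    return sorted(findings)


def build_sample_image(root):
    """Constructed sample tree standing in for a mounted disk image."""
    os.makedirs(os.path.join(root, "Docs"))
    with open(os.path.join(root, "Docs", "readme.txt"), "w") as fh:
        fh.write("constructed sample\n")
    # Internal link: harmless, must not be reported.
    os.symlink("Docs/readme.txt", os.path.join(root, "README"))
    # Link to a placeholder NFS automount path (example.invalid is not a real host).
    os.symlink("/net/example.invalid/share/Installer.app",
               os.path.join(root, "Installer.app"))
    # Relative link that climbs out of the image.
    os.symlink("../../outside/Tool.app", os.path.join(root, "Docs", "Tool.app"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_image(tmp)
        for rel, target, verdict in find_external_links(tmp):
            print(f"{verdict:8} {rel} -> {target}")
```

A "mount" verdict on an item that presents itself as an application is the case worth triaging first, since the content behind the link can change without the image itself changing.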

Intego has reported this developer account to Apple so that its certificate signing authority can be revoked.

For greater security, users are advised to install apps primarily from the Mac App Store and to think about where an app comes from when installing apps from external sources.

Source: 9to5Mac
