New Apple macOS Big Sur feature to hamper adware operations

Apple has disabled the ability to silently install macOS profiles from the CLI in macOS 11, a measure that was widely employed by adware and malware gangs.

With macOS 11, also known as Big Sur, Apple has removed the ability to install macOS profile configurations from the command-line.

This ability was previously a core feature of macOS' enterprise package, which allows system administrators to deploy new configurations company-wide via automated scripts.

However, the ability to deploy a new profile config via the command-line has also been abused by malware gangs or adware strains, who used it because it was silent and didn't require any type of user interaction.

Hackers or malware authors who gained access to Mac Deployment servers, or who infected just one Mac, abused the command-line to deploy their own malicious configurations to hijack proxy settings, change default apps, and more.

Installing a macOS profile now requires user interaction

However, with macOS 11, and going forward, the ability to use the command-line to install a new profile has been modified to remove the "silent installation" loophole.

"As of macOS Big Sur, you will no longer be able to completely install profiles using Terminal," Kevin Milden, Interface Designer at Apple, announced in a talk at the WWDC 2020 conference last week.

"When you attempt to install a profile via the command-line, it would treat it as it was 'downloaded' and you will have to complete the install in the profile system preferences pane manually," Milden added.

This means that user interaction and physical access to a system will be needed to complete the operation.

Effectively, this turns a "silent" technique abused by malware/adware into an attack vector that will require some sort of "social engineering," making it many times less effective.

Apple's move has already been greeted with joy by the malware-fighting community.

"Apple has done EXACTLY what I was hoping they would do to cope with the plague of adware installing malicious configuration profiles," Thomas Reed, Director of Mac & Mobile at Malwarebytes, said in a tweet last week.

macOS 11 Big Sur is scheduled to be released later this fall.