Apple’s recent security patch for a critical vulnerability in Mac systems has already been circumvented by hackers. Security researchers identified a new technique called Clickfix that allows attackers to exploit the flaw despite Apple’s fix. The flaw, tracked as CVE-2024-23301, affected macOS systems and enabled remote code execution through malicious web content.
Apple released an emergency update on March 12 to address the issue. The company stated the vulnerability had been exploited in limited attacks before the patch. However, within days, security firm Jamf reported that hackers had developed a workaround using the Clickfix method. This technique bypasses the security measures Apple implemented, allowing attackers to regain access to compromised systems.
The discovery highlights the ongoing cat-and-mouse game between tech companies and cybercriminals. Apple’s security team works continuously to patch vulnerabilities, but attackers adapt quickly. Experts warn that such bypasses are common after major security updates, as hackers reverse-engineer fixes to find new entry points.
Jamf’s findings were confirmed by independent researchers. They noted that the Clickfix technique relies on tricking users into clicking malicious links or files. Once executed, it grants attackers control over affected Mac systems. Apple has not yet responded to requests for comment on the bypass.
This incident underscores the challenges of cybersecurity in an era of rapid digital threats. Companies must act fast to close gaps, but attackers often find new ways to exploit weaknesses. Users are advised to install updates immediately and remain cautious of unsolicited links or files.
Source: digi.no