Mozilla has patched twozero-day security vulnerabilities in Firefox that allowed backdoors to be installed on Macs, bypassing Apple’s usual XProtect and Gatekeeper protections. Firefox users should update the browser immediately.
Ars Technica‘s Dan Goodin:
The zero-days were exploited by unnamed hackers this week, but so far, attacks are known only to have targeted Mac users involved in cryptocurrency.
3/ We’ve seen no evidence of exploitation targeting customers. We were not the only crypto org targeted in this campaign. We are working to notify other orgs we believe were also targeted. We’re also releasing a set of IOCs that orgs can use to evaluate their potential exposure.
— Philip Martin (@SecurityGuyPhil) June 19, 2019
As noted by Mac security expert Patrick Wardle, XProtect and Gatekeeper provided no protection in this case, as they only scan applications that have a quarantine flag set. Fortunately, this may change in macOS Catalina.
Firefox users on Mac should update the web browser to version 67.0.4 as soon as possible to keep themselves protected.
More details can be read at Ars Technica.