Apple in macOS Big Sur 11.3 fixed a bug that could have allowed attackers to bypass the Mac's security mechanisms with a malicious document.

• Mac Os Catalina

The Worst Bugs in OS X Yosemite and How to Fix Them. Shut the Mac off for several minutes and then try again from the beginning. You may have to teach Yosemite about your Bluetooth accessories. 'There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with with a blank password and no security check.' Previous bugs believed to have been fixed in 10.12.3. An obscure bug in Safari which surfaced during battery endurance tests has been fixed. This resulted in shortened endurance if the Safari Develop menu was enabled, and caching turned off there. It is most unlikely to affect ordinary users, it seems.

The software flaw allowed attackers to create a malicious application that could masquerade as a document, TechCrunchreported Monday. Security researcher Cedric Owens first discovered the bug in March.

According to Owens, 'all the user would need to do is double click — and no macOS prompts or warnings are generated.' The researcher created a proof-of-concept app that exploited the flaw to launch the Calculator app.

Although Owens' demonstration app was harmless, a malicious attacker could have leveraged the vulnerability to remotely access sensitive data or other information on a user's machine by tricking them into clicking a spoofed document.

Security researcher and Mac specialist Patrick Wardle also reported that the bug is being actively exploited in the wild as a zero-day vulnerability. He added that the flaw was caused by a logic issue in macOS's code.

Apple told TechCrunch that it patched the bug in macOS Big Sur 11.3, which the Cupertino tech giant released on Monday. In addition to that release, Apple also issued patches for the flaw to macOS Catalina and macOS Mojave.

In addition to patching the specific vulnerability, Apple's macOS Big Sur 11.3 update also includes fixes for a bevy of other security flaws.

macOS Big Sur 11.3 should now be available as an over-the-air update to all users on compatible Macs.

AppleInsider has affiliate partnerships and may earn commission on products purchased through affiliate links. These partnerships do not influence our editorial content.

Around four times more vulnerabilities are discovered in Microsoft Windows systems than Mac OS X but they are patched far quicker, according to new research from Kenna Security.

The vulnerability management firm commissioned the Cyentia Institute to analyze data from nine million assets at 450 organizations, in order to compile its report, Prioritization to Prediction Volume 5: In Search of Assets at Risk.

It revealed that the assets with fewer bugs tend to be patched slower by manufacturers, while those with more are fixed quicker.

For example, it found that a Windows-based asset has an average of 119 vulnerabilities per month: four times the median number found in Mac OS X (32) and 30 times that of network appliances (4).

However, those Windows vulnerabilities are patched within 36 days on average, while it takes an average of one year (369 days) to fix network devices like routers, printers, or Internet of Things appliances.

It was calculated that it takes Apple 70 days on average to release patches for Mac OS X machines, nearly twice as long as Microsoft, and 254 days for Linux/Unix.

Microsoft was found to have a critical patch rate of 83%, with Mac OS X in second (79%), then network appliances/devices (64%) and finally Linux (63%).

This is despite the fact that in the study, researchers found 215 million bugs on Microsoft machines. Although 179 million were fixed, the remaining 36 million exceeded the total number of patched and unpatched vulnerabilities on Mac, Linux, Unix, and network devices combined.

“With automated patching and Patch Tuesdays, the speed at which Microsoft is able to fix critical vulnerabilities on their systems is remarkable, but there still tend to be a lot of them,” said Wade Baker, partner and founder at Cyentia Institute.

Mac Os Catalina

“On the other hand, we see lots of assets like routers and printers where high-risk vulnerabilities have a longer shelf life. Companies need to align their risk tolerance, strategy, and vulnerability management capabilities around these trade-offs.”