MacOS 11 Big Sur will close a back door that cybercriminals have used to inject adware and other malicious programs. Under the new OS version, it is no longer possible to install configuration profiles from the command line without the user’s knowledge.
The function was previously part of the macOS Enterprise Package. It allows administrators to set up new configuration profiles company-wide using automated scripts. It was popular with hackers because it also allowed malware to be installed without user interaction.
For this purpose, it was only necessary to maintain control of a Mac deployment server or at least to infect a Mac with malware. Then they could apply their own configuration via the command line and, for example, change the standard apps or edit the proxy settings.
The installation of profiles via the command line is still possible, but not without user interaction. “As of macOS Big Sur, you can no longer fully install profiles via Terminal,” said Kevin Milden, Interface Designer at Apple, during a lecture at WWDC 2020. Profiles installed from the command line are treated as if they were downloaded from the Internet. Users would have to complete the process manually.
It is not out of the question that malware will continue to be introduced via configuration profiles in the future, but the new restrictions make the method more ineffective or require more social engineering, i.e. better deception of users.
Apple received praise for the change from security provider Malwarebytes, among others. “Apple did exactly what I hoped to do to deal with the plague of adware that installs malicious configuration profiles,” said Thomas Reed, Mac & Mobile director at Malwarebytes.
macOS 11 Big Sur is currently only available as a developer version. A public beta test is expected to start later this month. The final version is expected in autumn.