Block/disable NFS client

Question

With the recent news of a Gatekeep bypass bug utilizing NFS to get a shell on a remote system, we are looking to block all client NFS communications on our systems till Apple patches the vulnerability.

We been looking all day for a way to block the NFS client but so far come up with nothing.

Anyone else have any ideas on this?

https://thehackernews.com/2019/06/macos-malware-gatekeeper.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews%28The+Hackers+News+-+Cyber+Security+Blog%29

sdagley · Answer

@r.stiffler If you look at Filippo Cavallarin's post on the subject at https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass he suggests editing /etc/auto_master to disable this behavior for now. Let's hope Apple fixes it soon as that file is covered by SIP under Catalina.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded