Security Researcher: It’s ‘Trivial To Bypass Security Tools On Macs’

At one time, Mac owners could sit smugly in the knowledge that their computer was far safer than a Windows machine. But the rise of Apple brought the rise of hacker interest — and now a researcher claims that it’s “trivial for any attacker to bypass the security tools on Macs”.

Apple includes a series of security measures on OS X, of course — but, as Threat Post reports, Patrick Wardle can find a hole easily enough in all of them. Speaking at the RSA Conference yesterday, he fired off a salvo of criticisms of Mac security. On Gatekeeper, the system that keeps unverified apps from running on OS X, he said:

“Gatekeeper doesn’t verify any extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper. It only verifies the app bundle.”

Of XProtect, Apple’s anti-malware system, he said it was “trivial to bypass.” While the sandbox technology on OS X — which separates live code from new changes — is apparently “strong, there are plenty of bugs that can bypass it,” he claimed. And as for code signing:

“The code signing just checks for a signature and if it’s not there, it doesn’t do anything and lets the app run. I can unsign a signed app and the loader has no way to stop it from running.”

The overall message is clear: right now, the security tools in OS X don’t seem to pose too much of a problem for would-be attackers. With great popularity, though, comes great responsibility — and Apple may just have to up its game a little. [Threat Post]

