At one time, Mac owners could sit smugly in the knowledge that their computer was far safer than a Windows machine. But the rise of Apple brought the rise of hacker interest — and now a researcher claims that it’s “trivial for any attacker to bypass the security tools on Macs”.
Apple includes a series of security measures on OS X, of course — but, as Threatpost reports, Patrick Wardle can find a hole easily enough in all of them. Speaking at the RSA Conference yesterday, he fired off a salvo of criticisms of Mac security. On Gatekeeper, the system that keeps unverified apps from running on OS X, he said:
“Gatekeeper doesn’t verify any extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper. It only verifies the app bundle.”
Of XProtect, Apple’s anti-malware system, he said it was “trivial to bypass.” While the sandbox technology on OS X — which separates live code from new changes — is apparently “strong, there are plenty of bugs that can bypass it,” he claimed. And as for code signing:
“The code signing just checks for a signature and if it’s not there, it doesn’t do anything and lets the app run. I can unsign a signed app and the loader has no way to stop it from running.”
The overall message is clear: right now, the security tools in OS X don’t seem to pose too much of a problem for would-be attackers. With great popularity, though, comes great responsibility — and Apple may just have to up its game a little. [Threatpost]
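As an added illustration of the code-signing remark above (not code from Wardle's talk or from Apple), this Python sketch reports whether a thin Mach-O file carries an LC_CODE_SIGNATURE load command at all, which is how a defender can inventory binaries whose signature has been stripped. The function names and the sample bytes are constructed for this example, and the presence of the command says nothing about whether the signature is valid.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF   # thin 64-bit Mach-O
MH_MAGIC_32 = 0xFEEDFACE   # thin 32-bit Mach-O
LC_UUID = 0x1B
LC_CODE_SIGNATURE = 0x1D   # load command pointing at the embedded signature blob


def signature_status(data: bytes) -> str:
    """Classify a thin little-endian Mach-O image by its load commands."""
    if len(data) < 28:
        return "not-macho"
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _flags = struct.unpack_from("<7I", data, 0)
    if magic == MH_MAGIC_64:
        offset = 32            # 64-bit header has one extra reserved word
    elif magic == MH_MAGIC_32:
        offset = 28
    else:
        return "not-macho"     # fat/universal files are out of scope here
    end = offset + sizeofcmds
    if end > len(data):
        return "truncated"
    for _ in range(ncmds):
        if offset + 8 > end:
            return "truncated"
        cmd, cmdsize = struct.unpack_from("<2I", data, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            return "truncated"
        if cmd == LC_CODE_SIGNATURE:
            if cmdsize < 16:
                return "truncated"
            _dataoff, datasize = struct.unpack_from("<2I", data, offset + 8)
            # An empty blob is treated the same as no signature at all.
            return "signature-present" if datasize > 0 else "no-signature"
        offset += cmdsize
    return "no-signature"


def constructed_sample(with_signature: bool) -> bytes:
    """Build a constructed 64-bit header plus load commands (not a real binary)."""
    cmds = struct.pack("<2I16s", LC_UUID, 24, b"\x00" * 16)
    ncmds = 1
    if with_signature:
        cmds += struct.pack("<4I", LC_CODE_SIGNATURE, 16, 4096, 512)
        ncmds += 1
    header = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, ncmds, len(cmds), 0, 0)
    return header + cmds
```

On a Mac, `codesign --verify` remains the tool that checks whether a signature that is present is actually valid.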