Hackers may easily bypass Apple’s security features

Apple has increased the security of its products with the addition of new security features such as Gatekeeper and XProtect to OS X in order to protect users from malicious content. These features were included in response to a rising threat of malware.

But according to Patrick Wardle, director of research at Synack , these protections are easy to bypass and the attackers may gain access to Mac.

According to ThreatPost, Wardle said in a talk at the RSA Conference on Thursday:
“It’s trivial for any attacker to bypass the security tools on Macs. If Macs were totally secure, I wouldn’t be here talking.”

Apple claimed that Gate keeper is one of the key technologies that are used to prevent malware from running on OS X machines. It gives users the ability to restrict which apps can run on their computers by selecting to only allow apps from the Mac Apple Store.

But Warlde said, “Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper. It only verifies the app bundle.”

When the app is opened, either Gatekeeper knows where it’s from and allows it, or it doesn’t and it shuts the app down. But it doesn’t continually check the app, which Wardle said can be a problem. “It’s trivial to bypass XProtect,” he said.

Warlde found that by recompiling a known piece of OS X malware to change its hash, he could sneak the malware past XProtect and run it on the target computer. OS X also includes a sandboxing feature that can be bypassed with a number of known kernel-level vulnerabilities.

Warld confirmed that on the whole, the security tools in OS X don’t present much of a challenge for attackers right now.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 10 things to Do After Installing Kali Linux

Kali Linux is considered to be one of the best hacking distribution of this era, it is developed by Offensive Security to give an...

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...