But according to Patrick Wardle, director of research at Synack , these protections are easy to bypass and the attackers may gain access to Mac.
According to ThreatPost, Wardle said in a talk at the RSA Conference on Thursday:
“It’s trivial for any attacker to bypass the security tools on Macs. If Macs were totally secure, I wouldn’t be here talking.”
Apple claimed that Gate keeper is one of the key technologies that are used to prevent malware from running on OS X machines. It gives users the ability to restrict which apps can run on their computers by selecting to only allow apps from the Mac Apple Store.
But Warlde said, “Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper. It only verifies the app bundle.”
When the app is opened, either Gatekeeper knows where it’s from and allows it, or it doesn’t and it shuts the app down. But it doesn’t continually check the app, which Wardle said can be a problem. “It’s trivial to bypass XProtect,” he said.
Warlde found that by recompiling a known piece of OS X malware to change its hash, he could sneak the malware past XProtect and run it on the target computer. OS X also includes a sandboxing feature that can be bypassed with a number of known kernel-level vulnerabilities.
Warld confirmed that on the whole, the security tools in OS X don’t present much of a challenge for attackers right now.