Hackers may easily bypass Apple’s security features

Apple has increased the security of its products with the addition of new security features such as Gatekeeper and XProtect to OS X in order to protect users from malicious content. These features were included in response to a rising threat of malware.

But according to Patrick Wardle, director of research at Synack , these protections are easy to bypass and the attackers may gain access to Mac.

According to ThreatPost, Wardle said in a talk at the RSA Conference on Thursday:
“It’s trivial for any attacker to bypass the security tools on Macs. If Macs were totally secure, I wouldn’t be here talking.”

Apple claimed that Gate keeper is one of the key technologies that are used to prevent malware from running on OS X machines. It gives users the ability to restrict which apps can run on their computers by selecting to only allow apps from the Mac Apple Store.

But Warlde said, “Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper. It only verifies the app bundle.”

When the app is opened, either Gatekeeper knows where it’s from and allows it, or it doesn’t and it shuts the app down. But it doesn’t continually check the app, which Wardle said can be a problem. “It’s trivial to bypass XProtect,” he said.

Warlde found that by recompiling a known piece of OS X malware to change its hash, he could sneak the malware past XProtect and run it on the target computer. OS X also includes a sandboxing feature that can be bypassed with a number of known kernel-level vulnerabilities.

Warld confirmed that on the whole, the security tools in OS X don’t present much of a challenge for attackers right now.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...