CATEGORIES
home News

Security Researcher Says Your Mac's Malware Protection Is Laughably Easy To Bypass

by Zak KillianFriday, August 18, 2023, 02:52 PM EDT
mac vs pc ads
Windows is insecure and dangerous, and Macs are safe and impenetrable, right? Haha, not so much. Microsoft's operating system certainly has its share of security flaws, but it's actually difficult to say which system software is more vulnerable. That's because intrepid hackers keep finding holes in macOS and its security protections like the one Mac security researcher (and former NSA hacker) Patrick Wardle just found.

At the Defcon hacker conference last weekend, Wardle presented his recent findings regarding Apple's macOS "Background Task Management" system. This is a component of macOS that runs in the background and watches for applications that establish "persistence," meaning essentially that they're installed to the system. When this happens, it's supposed to pop up a notification to alert the user; if you've just installed new software, no problem! If you didn't, though, it could be something malicious.

We say "supposed to pop up a notification" because, as Wardle found out, it's actually pretty easy to keep that from happening. In fact, in his words, "the implementation was done so poorly that any malware that's somewhat sophisticated can trivially bypass the monitoring." He demonstrated three ways to do so, and while one of the methods requires root access on the system—meaning it's not much of a threat—the other two not only don't need root, but in fact can be executed remotely.

mac background items notification
A Background Task Management notification.

Wardle operates a group called the Objective-See Foundation that offers free and open-source macOS security tools. He says that because he's created the same sort of software, he knows what the challenges are. That led him to wonder if Apple had overcome those challenges, and as you already know, it didn't. The security researcher says that "the feature needed a lot of work."

Fortunately for Mac users, these exploits don't actually present a surface of attack in and of themselves. Instead, they simply disable part of Apple's warning system, reducing overall system security. The real concern is that these exploits could be deployed as part of a larger attack, and the user may be none the wiser thanks to the disabled alert notifications.

Because Wardle revealed these bugs at Defcon without notifying Apple, there's no patch for these problems yet, but we expect Apple will have something to soothe scared users soon. In the meantime, stick to the usual security best practices and hope your device doesn't get pwned by another zero-day exploit.
Tags:  Apple, security, (NASDAQ:AAPL), macos
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment