Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Malware Easily Bypasses macOS User Warnings

August 15, 2018

Despite what many Apple fans believe, Apple products are just as susceptible to malware as other devices. Ars Technica reported that Patrick Wardle, a former National Security Agency hacker and macOS security expert, has exposed a major macOS problem in a presentation at Def Con in Las Vegas. Wardle said it was trivial for a local attacker or malware to bypass many security mechanisms by targeting them at the user interface level. macOS displays an alert or warning when malicious activity is suspected. The presentation showed how to generate a programmatic click to interact with or even dismiss such alerts. This "synthetic click," as Wardle called it, works almost immediately and can be done in a way that is invisible to the user. "The ability to synthetically interact with a myriad of security prompts allows you to perform a lot of malicious actions," Wardle told Ars. "Many of Apple's privacy and security-in-depth protections can be trivially bypassed."

Supposedly, Apple has a fix in the upcoming version of macOS Mojave, thanks to Wardle's research. The discovery shows how some security elements are still shaky even in systems that are fairly mature and have been around for a while.

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com