Security Researcher: It's "Trivial to Bypass Security Tools on Macs"

By Jamie Condliffe on at

Mac owners have often sat smugly in the knowledge that their computer was far safer than a Windows machine. But the rise of Apple brought the rise of hacker interest — and now a researcher claims that it’s “trivial for any attacker to bypass the security tools on Macs”.

Apple includes a series of security measures on OS X, of course. But, as Threat Post reports, Patrick Wardle can find a hole easily enough in all of them. Speaking at a security conference yesterday, he fired off a salvo of criticisms of Mac security. On Gatekeeper, the system that keeps unverified apps from running on OS X, he said:

“Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper. It only verifies the app bundle.”

Of XProtect, Apple’s anti-malware system, he said it was “trivial to bypass”. While the sandbox technology on OS X, which separates live code from new changes, is apparently “strong, there are plenty of bugs that can bypass it,” he claimed. And as for code signing:

“The code signing just checks for a signature and if it’s not there, it doesn’t do anything and lets the app run. I can unsign a signed app and the loader has no way to stop it from running.”

The overall messages is clear: right now, the security tools in OS X don’t seem to pose too much of a problem for would-be attackers. With great popularity, though, comes great responsibility. Apple may just have to up its game a little. [Threat Post]