Malware has no trouble hiding and bypassing macOS user warnings

by Dan Goodin, from Ars Technica

Apple works hard to make its software secure. Beyond primary protections that prevent malware infections in the first place, company engineers also build a variety of defense-in-depth measures that are designed to lessen the damage that can happen once a Mac is compromised. Now, Patrick Wardle, a former National Security Agency hacker and macOS security expert, has exposed a major shortcoming that generically affects many of these secondary defenses.

In a presentation at the Def Con hacker convention in Las Vegas over the weekend, Wardle said it was trivial for a local attacker or malware to bypass many security mechanisms by targeting them at the user interface level. When these security measures detect a potentially malicious action, they will block that action and then display an alert or warning. By abusing various programming interfaces built into macOS, malicious code could generate a programmatic click to interact with or even dismiss such alerts. This "synthetic click," as Wardle called it, works almost immediately and can be done in a way that is invisible to the user.

"The ability to synthetically interact with a myriad of security prompts allows you to perform a lot of malicious actions," Wardle told Ars. "Many of Apple's privacy and security-in-depth protections can be trivially bypassed."
