RSA 2015: Myth or Security on Mac

Tools available on Mac computers designed to protect users from malicious content can easily be circumvented, according to a security researcher.Apple Mac

Speaking at the RSA conference in San Francisco on Thursday, SYNACK's research director Patrick Wardle described how the two security tools used in OS X can be bypassed to run malicious software.

Wardle, according to ZDNet stated: “If Macs It was absolutely safe, I would not be here to speak. "

The two security features, Gatekeeper and XProtect, were added to the most recent versions of OS X in response to growing threats from malware.Gatekeeper

The Gatekeeper feature has been added to OS X 10.8 "Mountain Lion", and restricts how applications can be opened and run on a computer. Most apps are set to be verified through the Apple App Store, or by trusted developers. XProtect, a rudimentary malware scanner for Mac and added by OS X 10.6 "Snow Leopard." It can also block specific applications and plugins if they have known vulnerabilities.

"Gatekeeper does not verify the content of applications," Wardle said. When an application goes to run, either Gatekeeper knows where it is from and allows it to start or it does not know and does not let the application start. He does not constantly monitor the application, which according to Wardle could be a problem.

"So if I can find an Apple-approved app and convert it to load external content when the user runs it, Gatekeeper can be bypassed."

He also stated that XProtect was very easy to bypass.

A recompiling to a known sample of malware can change its hash, so Wardle was able to pass malware under the XProtect.XProtect

In addition, although he called the XProtect sandboxing feature "strong", it can still be bypassed with a number of known kernel-level vulnerabilities.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).