Malware can easily bypass one of macOS Ventura’s protections

2023-08-14 16:07:30

Security researcher Patrick Wardle presented his latest macOS security findings in a talk given as part of the last Defcon. He focused on the mechanism introduced with macOS Ventura that monitors apps able to run in the background. In theory, the system should notify you as soon as an app wants to run in the background and perform tasks even when it is not open. This protection should let you spot a malicious app and act in time, but malware can easily circumvent it.


Patrick Wardle found several flaws in macOS Ventura that malware can easily exploit. Depending on the vulnerability used, root access may be necessary, but this is not always the case, and even when it is, we know that this requirement is not sufficient protection. Malware creators have no shortage of ideas for asking for a Mac’s admin password, and once they have it, they have root access.

The other methods are more subtle, as they involve hiding the notification before it appears. The researcher had notified Apple of several even more glaring flaws when macOS Ventura was released, and the manufacturer fixed them in macOS 13.3. However, others remain, and it seems that the company has not sought to test this new protection module in its system any further.

Patrick Wardle decided this time not to notify Apple in advance, telling Wired that we are back to the situation before macOS Ventura. Even so, he cautions against the false sense of security that these new protections can provide. That’s why he published his findings, hoping that Apple fixes this barrier against malicious applications for good. His presentation was also an opportunity to detail how to identify malware that has exploited these security vulnerabilities, which gives hope for better protection by installing a good tool.

