{"id":8157,"date":"2015-04-29T12:30:02","date_gmt":"2015-04-29T16:30:02","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8157"},"modified":"2015-04-29T12:30:02","modified_gmt":"2015-04-29T16:30:02","slug":"researcher-claims-that-attackers-can-easily-bypass-current-osx-security-tools","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/29\/researcher-claims-that-attackers-can-easily-bypass-current-osx-security-tools\/","title":{"rendered":"Researcher claims that attackers can easily bypass current OSX security tools"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.techspot.com\/news\/60479-researcher-claims-attackers-can-easily-bypass-current-osx.html\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/2015-04-24-image-14.png\" alt=\"\" \/><\/a><\/p>\n<p>Most Mac users feel as though they are impenetrable to viruses and malicious software, but according to one researcher that is not the case. While Apple has its fair share of security measures in place, recent data has surfaced suggesting those tools are \u201ctrivial\u201d for any attacker to bypass. For some time, most people believed that owning a Mac was a safe choice, and that only Windows users could get hacked. However, researcher Patrick Wardle doesn\u2019t seem to think so.<\/p>\n<p>During a talk at the RSA Conference recently, Wardle explained that the security measures on OSX are actually full of holes, if a competent hacker chose to exploit them. First up, he said that GateKeeper, Apple\u2019s app verifier, doesn\u2019t check extra content in apps, but rather only the app bundle itself. 
That means attackers could load a verified app with dangerous extra content and it could, according to Wardle, slide right through Apple\u2019s security.<\/p>\n<p>The researcher went on to say that Apple\u2019s sandbox technology on OSX is quite strong in terms of security, but there are a number of bugs that can be used to bypass it. On top of what Wardle called a \u201ctrivial to bypass\u201d anti-malware system, he also found issues with code signing:<\/p>\n<p>The code signing just checks for a signature and if it\u2019s not there, it doesn\u2019t do anything and lets the app run. I can unsign a signed app and the loader has no way to stop it from running.<\/p>\n<p>It\u2019s hard to imagine, with that many security flaws, that we haven\u2019t seen mass hysteria break out among the Mac crowd. But it is clear that Apple should be looking into these holes, as it is likely only a matter of time before serious issues start to arise.<\/p>\n<p>via <a href=\"http:\/\/www.techspot.com\/news\/60479-researcher-claims-attackers-can-easily-bypass-current-osx.html\" target=\"_blank\">Researcher claims that attackers can easily bypass current OSX security tools &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most Mac users feel as though they are impenetrable to viruses and malicious software, but according to one researcher that 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2,7,9],"tags":[785,1177],"class_list":["post-8157","post","type-post","status-publish","format-standard","hentry","category-apple","category-security","category-software","tag-os-x","tag-vulnerabilities"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-27z","jetpack-related-posts":[{"id":8004,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/10\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/","url_meta":{"origin":8157,"position":0},"title":"Latest version of OS X closes Backdoor-like bug that gives attackers root","author":"NCCT","date":"April 10, 2015","format":false,"excerpt":"For at least four years, a bug in Apple's OS X gave untrusted users\u2014and possibly remote hackers with only limited control of their target\u2014unfettered \"root\" privileges over Macs. 
The vulnerability is being called a \"hidden backdoor\" by Emil Kvarnhammar, the security researcher who discovered the bug and privately reported it\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=525%2C300 1.5x"},"classes":[]},{"id":6118,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/04\/is-your-dropcam-live-feed-being-watched-by-someone-else\/","url_meta":{"origin":8157,"position":1},"title":"Is your Dropcam live feed being watched by someone else?","author":"NCCT","date":"August 4, 2014","format":false,"excerpt":"Dropcam, the popular video monitoring camera, bills itself as \u201csuper simple security.\u201d But a pair of researchers plan to show at the Defcon hacking conference later this week how a Dropcam could be a weak point. Patrick Wardle and Colby Moore, both of whom work for security firm Synack, tore\u2026","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7380,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/01\/09\/super-cookies-can-track-you-even-in-private-browsing-mode-researcher-says\/","url_meta":{"origin":8157,"position":2},"title":"&#8216;Super cookies&#8217; can track you even in private browsing mode, researcher says","author":"NCCT","date":"January 9, 2015","format":false,"excerpt":"If there's one thing websites love to do it's track their users. 
Now, it looks like some browsers can even be tracked when they're in private or incognito mode. Sam Greenhalgh of U.K.-based RadicalResearch recently published a blog post with a proof-of-concept called \"HSTS Super Cookies.\" Greenhalgh shows how a\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3213,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/20\/researchers-manage-to-get-malware-published-in-apples-ios-app-store\/","url_meta":{"origin":8157,"position":3},"title":"Researchers manage to get malware published in Apple&#039;s iOS App Store","author":"NCCT","date":"August 20, 2013","format":false,"excerpt":"While the posting of malware remains a rare occurrence on Apple's iOS App Store, a team of security researchers figured out a way to get a malicious piece of software past Apple's certification team. The team from Georgia Tech said that the app was approved and published by Apple in\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3067,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/31\/some-home-automation-systems-are-rife-with-holes-security-experts-say\/","url_meta":{"origin":8157,"position":4},"title":"Some home automation systems are rife with holes, security experts say","author":"NCCT","date":"July 31, 2013","format":false,"excerpt":"A variety of network-controlled home automation devices lack basic security controls, making it possible for attackers to access their sensitive functions, often from the Internet, according to researchers from security firm Trustwave. 
Some of these devices are used to control door locks, surveillance cameras, alarm systems, lights, and other sensitive\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/images.techhive.com\/images\/article\/2013\/07\/veralite-copy-100048275-large.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/images.techhive.com\/images\/article\/2013\/07\/veralite-copy-100048275-large.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/images.techhive.com\/images\/article\/2013\/07\/veralite-copy-100048275-large.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":6054,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/23\/security-expert-details-multiple-undocumented-services-running-on-all-ios-devices\/","url_meta":{"origin":8157,"position":5},"title":"Security expert details multiple undocumented services running on all iOS devices","author":"NCCT","date":"July 23, 2014","format":false,"excerpt":"During a recent hacker conference, forensic scientist and iPhone jailbreaking expert Jonathan Zdziarski outlined a number of undocumented high-value forensic services running on every iOS device. He also found suspicious design omissions in iOS that make data collection easier according to a report from ZDNet. 
Zdziarski notes that while Apple\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8157"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8157\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}