Posted in Privacy and Security on August 12, 2022

Your Macs Aren’t as Secure as You Think

Posted By Kerry.Hershey

MacOS was built with security in mind, and updates keep adding security enhancements. Even so, one researcher discovered an attack that cuts through all the security layers.

When the Macintosh computer was new, Apple touted the fact that Macs, unlike PCs, didn’t get viruses. We know better now; Macs do get hit with malware, even ransomware. But the fact remains that macOS is intrinsically more secure than Windows. That’s why security researcher Thijs Alkemade’s claim to break through all macOS security layers with one attack is such a gut punch. An excited audience of Black Hat conference attendees, both in-person and virtual, clamored to hear details about this surprising claim.

What Makes macOS So Secure?

“I’ve been a Mac user all my life,” said Alkemade. “It’s a system I know well. The early Mac platform was based on Unix. In that platform, users are security boundaries but processes are not. For files, every file has an owner, and nine flags define permissions. The root user has full access to modify all files, memory, even the kernel. That was the old model.

“System Integrity Protection (SIP) was introduced in 2015 with El Capitan,” he continued. “It put a security layer between the root users and the kernel, protecting the system from modification even by the root user. Root access is no longer enough to compromise the system. One of the other names for this system is rootless. Some people think it means Apple is going to take root away, like on the iPhone. But actually it just means that root is less powerful. Dangerous operations require entitlements, and each macOS release adds more and more restrictions.

“But…macOS is old, large, and established,” said Alkemade. “A lot of system parts were written before the security model changed. It’s not possible to reconstruct the entire system.”

He listed off several techniques that could be used to enable process injection, but concluded they’re just incidental. “It’s much nicer to have process injection that you can apply everywhere.”

Where’s the Security Hole?

Where’s the weakness? Alkemade didn’t keep listeners in suspense. “It’s in the saved state feature,” he explained. “When you shut down, you check a box if you want an app to reopen when you start again. It even restores unsaved documents. It largely works automatically. Developers don’t have to do anything to use it, but they can extend it.”

The process of saving an app’s state is called serializing, and the serialized data is meant to be encrypted. However, encryption is not required, which allows a clever programmer to abuse this feature. “I create a saved state using a malicious serialized object and write it to the directory of another application’s state. It automatically deserializes and executes within the other app, and can use the entitlements and permissions of that other app, achieving process injection.”

Alkemade walked the audience through the numerous barricades he encountered, and the techniques he evolved to circumvent them. He did admit, “I have to skip a few steps for time reasons and disclosure reasons.” I won’t attempt to explain the details here, as you need to be a programmer to totally grasp them. The key point is, it worked.

What Can You Do With Process Injection?

Alkemade detailed three possible uses for the exploit: escape the sandbox, escalate privilege, and bypass System Integrity Protection.

These are extraordinary claims, given those outcomes are practically the Holy Grail of hacking. Bypassing SIP in particular gives your program supreme power. “We can read email or Safari history of all users, or grant ourselves permission to use the microphone or webcam,” explained Alkemade. “Our process is now protected by SIP, which gives it powerful persistence. We can load a kernel extension without the user’s knowledge or permission.”

Should We Worry?

This security hole is already fixed in macOS Monterey, but app developers need to do their part. “Developers can and should make apps accept only secure serialized objects,” said Alkemade. “Apple has already done that with all their apps, but existing third-party apps need to do the same.”
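The fix Alkemade describes for developers is to make saved-state restoration refuse anything but the object types the app expects. The following Swift snippet is an added illustration of that hardening, not code from the talk, from PCMag, or from Apple. The `DraftNote` and `EditorWindow` classes are hypothetical; `NSSecureCoding`, `NSCoder.decodeObject(of:forKey:)`, `NSCoder.requiresSecureCoding` and the `applicationSupportsSecureRestorableState(_:)` delegate method (available from macOS 12) are Apple APIs.

```swift
import Cocoa

// Hypothetical model object carried in a window's saved state.
// Adopting NSSecureCoding (rather than plain NSCoding) lets the
// unarchiver check the class before any object is instantiated.
final class DraftNote: NSObject, NSSecureCoding {
    static var supportsSecureCoding: Bool { true }

    let text: String

    init(text: String) {
        self.text = text
    }

    required init?(coder: NSCoder) {
        // decodeObject(of:forKey:) fails for any class other than NSString,
        // so an archive carrying an unexpected type is rejected here.
        guard let s = coder.decodeObject(of: NSString.self, forKey: "text") else {
            return nil
        }
        text = s as String
    }

    func encode(with coder: NSCoder) {
        coder.encode(text as NSString, forKey: "text")
    }
}

// Hypothetical window that extends the system's saved-state feature.
final class EditorWindow: NSWindow {
    var draft: DraftNote?

    override func encodeRestorableState(with coder: NSCoder) {
        super.encodeRestorableState(with: coder)
        coder.encode(draft, forKey: "draft")
    }

    override func restoreState(with coder: NSCoder) {
        super.restoreState(with: coder)
        // Defensive check: if AppKit handed us a coder that is not in
        // secure-coding mode, do not restore anything from it.
        guard coder.requiresSecureCoding else { return }
        // Only a DraftNote is accepted for this key; decoding any other
        // class fails instead of instantiating it.
        draft = coder.decodeObject(of: DraftNote.self, forKey: "draft")
    }
}

// Added to the app's existing NSApplicationDelegate (macOS 12 and later):
// declaring support for secure restorable state makes AppKit decode the
// saved-state archive with requiresSecureCoding enabled.
final class AppDelegate: NSObject, NSApplicationDelegate {
    func applicationSupportsSecureRestorableState(_ app: NSApplication) -> Bool {
        return true
    }
}

// For state an app archives on its own, the same rule applies: decode with an
// explicit allowed class instead of the untyped legacy unarchiving calls.
func decodeDraft(from data: Data) throws -> DraftNote? {
    return try NSKeyedUnarchiver.unarchivedObject(ofClass: DraftNote.self, from: data)
}
```

Every restorable object in the app, not just the top-level one, needs to adopt `NSSecureCoding` and decode its members with typed calls; one class that still accepts arbitrary types is enough to reopen the path the talk describes.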

As it turns out, this new protection isn’t just for Monterey. “I just learned that they back-ported it to Big Sur and Catalina,” said Alkemade. “The Catalina release notes are updated, but not those for Big Sur. I got a spontaneous email from Apple asking to share the contents of my talk in advance. Two hours ago I got confirmation that it’s fixed in Big Sur, though I haven’t had time to verify it.”

“Apple keeps adding layers to macOS,” concluded Alkemade. “Adding new layers to an established system is hard, so code written 10 or more years ago is today’s attack surface. More layers may not increase the effort for attackers, not if you can use the same bug to bypass all of them.”

Source: https://www.pcmag.com/news/your-macs-arent-as-secure-as-you-think