
How hackers can get past one of macOS’s best defenses against malware

Published Aug 14th, 2018 11:34PM EDT

The old line about Macs not getting viruses is sadly just a bad joke these days. Mac malware is alive and well, and just as with Windows, Apple’s software developers play a fun game of hide and seek with hackers when it comes to defenses.

One of the most ubiquitous defenses in all operating systems is the user warning: the pop-up box that sometimes appears and prompts you to confirm that yes, this is a thing you want to do. It’s a defense against one rogue click accidentally installing all manner of software and giving it new permissions or access.

But according to Ars Technica, “a former National Security Agency hacker and macOS security expert” has found a way to get around user warnings. The hacker found that macOS has an interface that converts keyboard presses into mouse actions, and worse, macOS interprets two mouse-down actions the same as clicking ‘OK.’ As a result, he said it was “trivial” to write a few lines of extra code to bypass a user warning, giving his malware the ability to access geolocation, contacts, or calendar information without the appropriate permissions.

“The ability to synthetically interact with a myriad of security prompts allows you to do a lot of malicious stuff,” the hacker told Ars. “This privacy and security-in-depth protection can be easily bypassed.”

The exploit is reportedly fixed in the upcoming version of macOS Mojave, thanks to Wardle’s research. It also wouldn’t have got past security prompts that require entering a password, rather than just clicking OK. Still, the discovery that supposedly fundamental security mechanisms can be bypassed by such an easy “hack” again demonstrates how shaky some security elements still are.