macOS has a number of built-in tools to detect Mac malware, with Background Task Manager added to the defenses last year. However, a security researcher says that this can be trivially bypassed, and that Apple failed to act on his recommendations to fix it.
Patrick Wardle presented his findings at the Defcon hacker conference, making the unusual decision to do so without advising Apple ahead of time.
Apple’s three-layer protection against Mac malware, but it can be easily bypassed
Security researcher Patrick Wardle last year notified Apple of a number of faults he discovered with the way Background Task Manager works. He knows a thing or two about the challenges of implementing this type of protection, as he'd previously created his own tool to do the same job.
But he told Wired that Apple failed to address the more fundamental issues he discussed with the company.
Background Task Manager bypasses revealed
Normally, Wardle would only share details of exploits after Apple has fixed them. In this case, however, he says that the Cupertino company seems to have no interest in doing so, and he has therefore chosen to share the bypasses he discovered at the Defcon hacker conference.
One of them requires root access to the target Mac, but two others don’t.
He chose this course of action, he says, because Background Task Manager currently offers a false sense of security to users and security companies alike, who may think this aspect of protecting against Mac malware is already in place.