Exploit shared at Defcon; Mac malware can easily bypass Apple’s 3-Layer Defence and Background Task Manager


Thread author
Staff Member
Jan 8, 2011
macOS has a number of built-in tools to detect Mac malware, with Background Task Manager added to the defenses last year. However, a security researcher says that this can be trivially bypassed, and that Apple failed to act on his recommendations to fix it.

Patrick Wardle presented his findings at the Defcon hacker conference, making the unusual decision to do so without advising Apple ahead of time.

Apple’s three-layer protection against Mac malware, but it can be easily bypassed​

Security researcher Patrick Wardle last year notified Apple of a number of faults he discovered with the way this works. He knows a thing or two about the challenges of implementing this type of protection as he’d previously created his own tool to do the same job.

But he told Wired that Apple failed to address the more fundamental issues he discussed with the company.

Background Task Manager bypasses revealed​

Normally, Wardle would only share details of exploits after Apple has fixed them. In this case, however, he says that the Cupertino company seems to have no interest in doing so, and he has thus chosen to share at the Defcon hacker conference the bypasses he discovered.

One of them requires root access to the target Mac, but two others don’t.

He chose this course of action, he says, because Background Task Manager currently offers a false sense of security to users and security companies alike, who may think this aspect of protecting against Mac malware is already in place.


About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.