Researchers Explore Remote Code Injection in macOS

silversurfer

Aug 17, 2014
Deep Instinct analysts test three code injection methods and a custom-built Mach-O loader to load malicious files from memory.

Malware authors often use code injection to hide activity and bypass security defenses. There are several ways to implement code injection techniques, which run malicious code through unsuspected or legitimate system processes. Malware writes part of the code in a remote process' memory, which executes malicious code not part of the process' original execution flow.

Code injection methods are a hot topic among security researchers; however, much of their work focuses on the Windows operating system given its ubiquity among consumer and business users. However, as macOS grows more common, Deep Instinct decided to pivot its code injection research toward Apple machines. In a new paper published today, security researcher Alon Weinberg digs into their discoveries.

"MacOS is becoming more popular, specifically in the United States," says Shimon Oren, head of threat research at Deep Instinct, in an exclusive interview with Dark Reading.

There is also an impression macOS is more secure than Windows or Android, he continues. While it's true that Apple's operating systems are less susceptible to malware using code injection, they are not immune to it. As Weinberg found, it's still possible for Mac devices to get infected by code execution techniques using remote process hooking. Further, when the malware hits, it's likely to go undetected: the techniques he analyzed bypass several popular security tools for macOS.

"Right now if an attacker wants to use these mechanisms, there is no solution in the marketplace that can protect against it," Oren says. Researchers tested code injection methods across a range of freeware and enterprise solutions for Mac; a handful of tactics evaded all of them.
Even on the Apple of Your Eye: Remote Code Injections in Mac-OS - Deep Instinct
 
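The post above describes a custom Mach-O loader that maps a malicious file straight from memory rather than from disk. From a detection standpoint the useful counterpart is being able to recognise such an image once it sits in a process memory dump. The following Python script is an added example, not code from Deep Instinct or from the Dark Reading article: it scans a byte buffer for 64-bit Mach-O headers, walks the load commands, lists the LC_SEGMENT_64 segments, and flags any segment whose initial protection is both writable and executable. The sample dump, the segment layout, and the function names are constructed here for illustration.

```python
import struct
from dataclasses import dataclass, field

# Constants taken from <mach-o/loader.h> and <mach/vm_prot.h>
MH_MAGIC_64 = 0xFEEDFACF        # 64-bit Mach-O magic, host (little-endian) byte order
LC_SEGMENT_64 = 0x19            # load command describing a 64-bit segment
HEADER_SIZE = 32                # sizeof(struct mach_header_64)
VM_PROT_WRITE, VM_PROT_EXECUTE = 0x2, 0x4
FILETYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}
CPUTYPES = {0x01000007: "x86_64", 0x0100000C: "arm64"}


@dataclass
class MachOImage:
    offset: int                 # where the header starts inside the scanned buffer
    cputype: str
    filetype: str
    segments: list = field(default_factory=list)  # (name, vmaddr, vmsize, initprot)


def parse_macho64(buf: bytes, offset: int = 0) -> MachOImage:
    """Parse one mach_header_64 plus its load commands; raise ValueError if malformed."""
    magic, cputype, _subtype, filetype, ncmds, sizeofcmds, _flags, _res = \
        struct.unpack_from("<IiiIIIII", buf, offset)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit Mach-O header")
    image = MachOImage(offset, CPUTYPES.get(cputype, hex(cputype)),
                       FILETYPES.get(filetype, str(filetype)))
    pos = offset + HEADER_SIZE
    end = pos + sizeofcmds
    if end > len(buf):
        raise ValueError("load commands run past end of buffer")
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", buf, pos)
        # Bounds checks: a hostile header must not make us read outside the buffer
        if cmdsize < 8 or pos + cmdsize > end:
            raise ValueError("bad load command size")
        if cmd == LC_SEGMENT_64:
            if cmdsize < 72:
                raise ValueError("truncated segment command")
            segname = buf[pos + 8:pos + 24].split(b"\0", 1)[0].decode("ascii", "replace")
            vmaddr, vmsize, _fileoff, _filesize, _maxprot, initprot, _nsects, _sflags = \
                struct.unpack_from("<QQQQiiII", buf, pos + 24)
            image.segments.append((segname, vmaddr, vmsize, initprot))
        pos += cmdsize
    return image


def find_macho_images(buf: bytes) -> list:
    """Carve every parseable 64-bit Mach-O image out of an arbitrary memory blob."""
    images, needle = [], struct.pack("<I", MH_MAGIC_64)
    i = buf.find(needle)
    while i != -1:
        try:
            images.append(parse_macho64(buf, i))
        except (ValueError, struct.error):
            pass                # magic bytes that are not followed by a sane header
        i = buf.find(needle, i + 1)
    return images


def suspicious_segments(image: MachOImage) -> list:
    """Names of segments mapped writable *and* executable (W^X violation)."""
    return [name for name, _a, _s, prot in image.segments
            if prot & VM_PROT_WRITE and prot & VM_PROT_EXECUTE]


# --- constructed sample data (hypothetical, built inline so the script runs offline) ---
def _segment(name: str, vmaddr: int, vmsize: int, initprot: int) -> bytes:
    return struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, name.encode().ljust(16, b"\0"),
                       vmaddr, vmsize, 0, vmsize, 7, initprot, 0, 0)


def _header(segments: list, cputype: int = 0x01000007, filetype: int = 2) -> bytes:
    cmds = b"".join(segments)
    return struct.pack("<IiiIIIII", MH_MAGIC_64, cputype, 3, filetype,
                       len(segments), len(cmds), 0, 0) + cmds


SAMPLE_DUMP = (
    b"\x00" * 64                                                  # unrelated heap bytes
    + _header([_segment("__TEXT", 0x100000000, 0x1000, 0x5),      # r-x, as a normal binary
               _segment("__DATA", 0x100001000, 0x1000, 0x3)])     # rw-
    + b"\xff" * 32
    + _header([_segment("__TEXT", 0x200000000, 0x2000, 0x7)],     # rwx: worth a closer look
              cputype=0x0100000C, filetype=8)
    + b"\x00" * 16
)

if __name__ == "__main__":
    for img in find_macho_images(SAMPLE_DUMP):
        print(f"offset={img.offset} cpu={img.cputype} type={img.filetype} "
              f"segments={[s[0] for s in img.segments]} rwx={suspicious_segments(img)}")
```

The scanner deliberately parses from the header alone and never follows file offsets, since an image loaded from memory need not be backed by any file; bounds checks on each load command keep a corrupted or adversarial header from tricking the parser into reading out of range.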

ebocious

Oct 25, 2018
There are plenty of default-deny solutions for Windows, both free and paid. Now we need some for the Mac.
 

JM Safe

Apr 12, 2015
Every operating system could be vulnerable. In this case we talk about macOS, but other OSes that could be thought of as 100% safe are also vulnerable to malicious activities. If we think, for example, of Chromebook, surely it has a lot of security features (it has a layered, in-depth security approach), but it is not 100% safe and it never will be. This is because a user could click on a fake website which has deceptive content and which is missed by browser filters, and enter all his/her personal information into forms; that information could be sent to a malicious remote server and the user could be phished.
It is very important to have safe habits and take security measures to browse the web safely.
 