![]() ![]() Reed says that developers could help reduce the potential exposure by building in voluntary periodic code signature checks throughout the life of an app. In some cases, updating an application might trigger a code check or write over any malicious manipulations, but Reed says this isn't reliable, since many developers only build in a code signature check for the update code and not the base application itself. "A script kiddie could pull off something like this." ![]() And if it manages to infect other legitimate programs after being downloaded, it could evade detection indefinitely. This means that attackers who buy a legitimate certificate from Apple-or steal one-can potentially trick Mac users into installing their malware. But Reed, who is the director of Mac and mobile platforms at the security firm Malwarebytes, has noticed that once a program passes a code signature check and gets installed, macOS never rechecks its signature. These code signature checks are a vital security step. By checking a file's code signature, Gatekeeper can warn you if a program is malware or if someone has tampered with an otherwise benign installer. All legitimate programs have to be "code signed" to establish their validity and integrity. When you launch an app installer in macOS, a program called Gatekeeper checks to see whether the app originated from the Mac App Store, or is cryptographically signed by a developer who has registered with Apple. ![]() That's why more subtle approaches are significant.Īt the Virus Bulletin security conference in Montreal on Wednesday, Mac security researcher Thomas Reed is presenting one such potentially dangerous opening. Additionally, the avenues available for lurking on macOS are so well known at this point that technicians and malware scanners can flag them quickly. But the relatively strong defenses of macOS make it challenging for malware authors to persist long-term on Apple computers, even if they can get an initial foothold. Malware on Apple's MacBook and iMac lines is more prevalent than some users realize it can even hide in Apple's curated Mac App Store. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |