Slashdot Mirror


Bugs Allowed Hackers To Make Malware Look Like Apple Software (vice.com)

An anonymous reader shares a report: For years, hackers could hide malware alongside legitimate Apple code and sneak it past several popular third-party security products for Mac computers, according to new research. This is not a flaw in MacOS but an issue in how third-party security tools implemented Apple's APIs. A researcher from security firm Okta found that several security products for Mac -- including Little Snitch, xFence, and Facebook's OSquery -- could be tricked into believing malware was Apple code, and let it past their defenses. "I can take malicious code and make it look like it's signed by Apple," Josh Pitts, the security researcher at Okta who discovered these bugs, told Motherboard. In a blog post published Tuesday, Pitts explained that the issue lies with how the third-party security tools implemented Apple's code-signing APIs when dealing with Mac's executable files known as Universal or Fat files.
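The report above says the bugs lay in how third-party tools handled Universal (Fat) files when calling the code-signing APIs. The following added example (not from the article, Okta, or any of the products named) parses the big-endian fat header and shows the defensive policy a security tool needs: a Fat file is trusted only if every slice verifies, not just the first. The per-slice verifier and the sample slices are constructed stand-ins, not real signature checks.

```python
import struct

FAT_MAGIC = 0xCAFEBABE          # fat header magic, big-endian on disk
MH_MAGIC_64 = 0xFEEDFACF        # 64-bit Mach-O magic, little-endian on disk
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C

def parse_fat(data):
    """Return [(cputype, offset, size)] for each slice; reject malformed headers."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, nfat_arch = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a fat binary")
    slices = []
    for i in range(nfat_arch):
        # struct fat_arch: cputype, cpusubtype, offset, size, align (uint32, big-endian)
        cputype, _sub, off, size, _align = struct.unpack_from(">IIIII", data, 8 + 20 * i)
        if size == 0 or off + size > len(data):
            raise ValueError(f"slice {i} lies outside the file")
        slices.append((cputype, off, size))
    return slices

def fat_is_trusted(data, verify_slice):
    """Correct policy: every slice must pass verify_slice(bytes)."""
    results = [verify_slice(data[o:o + s]) for _, o, s in parse_fat(data)]
    return bool(results) and all(results)

def first_slice_only(data, verify_slice):
    """The flawed pattern: only the first slice is ever checked."""
    _, o, s = parse_fat(data)[0]
    return verify_slice(data[o:o + s])

def build_sample_fat(slices):
    """Assemble a fat file from (cputype, blob) pairs (constructed test data)."""
    hdr = struct.pack(">II", FAT_MAGIC, len(slices))
    archs, body, base = b"", b"", 8 + 20 * len(slices)
    for cputype, blob in slices:
        archs += struct.pack(">IIIII", cputype, 0, base + len(body), len(blob), 0)
        body += blob
    return hdr + archs + body

# Stand-in for a real per-slice signature check: a slice "verifies" only if it is
# a 64-bit Mach-O and carries the constructed marker (hypothetical, not a real signature).
def stand_in_verifier(blob):
    return blob[:4] == struct.pack("<I", MH_MAGIC_64) and blob.endswith(b"VERIFIED-STANDIN")

GOOD = struct.pack("<I", MH_MAGIC_64) + b"\x00" * 12 + b"VERIFIED-STANDIN"
BAD = struct.pack("<I", MH_MAGIC_64) + b"\x00" * 12 + b"NOT-VERIFIED"
CLEAN = build_sample_fat([(CPU_TYPE_X86_64, GOOD), (CPU_TYPE_ARM64, GOOD)])
MIXED = build_sample_fat([(CPU_TYPE_X86_64, GOOD), (CPU_TYPE_ARM64, BAD)])
```

Run against MIXED, `first_slice_only` reports trusted while `fat_is_trusted` does not, which is the gap a defender should test for in any tool that consumes Fat files.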

4 of 72 comments

  1. The balances with security products. by jellomizer · · Score: 4, Interesting

    We all hate virus scanners and other security products, because they slow our systems way down; they often slow our systems more than the actual malware would. However, the designers need to find some sweet spot between the speed of their tools and their effectiveness. So flaws like this are understandable, because actually validating the signature will take more time to process vs. the current number of malware that uses this trick.

    Now that it is known, I expect security companies will now have to fix their code to check for this, and slow our systems down further. Part of the popularity of these closed ecosystems of iOS vs MacOS is the ability to only allow good actors to work on your platform, while blocking any unknown actors (good or bad) from causing harm, reducing the need for external security software which will slow the system down.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:The balances with security products. by drinkypoo · · Score: 3, Insightful

      What I "hate" (that's a strong word) is that there's no Free OS that is based first and foremost around the concept of security. I for one would be happy to give up most of my system's performance for a significant improvement in security, especially if the system were also more reliable. I can have a second system for high-performance tasks.

      Most people who are not gamers have much more computing power than they really need now (at least in desktops and laptops) and spend most of their time web browsing. Their systems are mostly idle and they could afford to give away substantial performance in exchange for security.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:The balances with security products. by jellomizer · · Score: 2

      OpenBSD or am I walking into a Troll?

      However, the big issue with OpenBSD is that it isn't designed well for the general computing that we do on our PCs. Because everything that is potentially dangerous is closed and/or locked down, whenever we need to do something new, we need to consciously turn off a security feature. While that is great for hosting and servers, where such rigor should be the norm, for your PC it can get annoying rather quickly.


      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:The balances with security products. by drinkypoo · · Score: 2

      OpenBSD or am I walking into a Troll?
      However, the big issue with OpenBSD is that it isn't designed well for the general computing that we do on our PCs.

      OpenBSD wasn't designed for security first, it was developed from BSD. Security was an afterthought. Fixing holes in BSD is their focus, and while it's not a waste of time, it's not the same as designing an OS for security from day one.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"