back to article Legacy app whitelist can be abused to bypass latest macOS security defenses, expert warns

Malware can bypass protections in macOS Mojave, and potentially access user data as well as the webcam and mic – by exploiting a hole in Apple's legacy app support. Digita Security chief research officer Patrick Wardle explained during a presentation at the Objective By the Sea conference in Monte Carlo this week how malicious …

  1. Dan 55 Silver badge

    La la la, Apple can't hear you

    What Wardle found was that Apple's whitelisting mechanism only checks the cryptographic signatures of applications' executables, not every piece of additional code that they load and run, such as plugins.

    Which is exactly the same well-known problem that Gatekeeper has.

    Presumably in any dev meeting about this feature someone should have piped up with this problem. Were they dragged away for re-education?

  2. Cronus

    It's certainly a hole but I'm not sure how you'd work around this without breaking legacy apps. Presumably not breaking legacy apps includes not breaking popular plugins that might have legitimate reasons to access restricted resources.

    1. Nick Kew Silver badge

      Require plugins to be individually signed? Again, with a whitelist for trusted legacy stuff.

      Unsigned plugins are unsigned executables, and as soon as you allow them on a system, all bets are off. Hence sandboxing to limit what an untrusted program can do. In Apple's case, I'd be inclined to worry about them getting over-zealous, and limiting my ability to breach my own sandbox. I already have to jump through hoops to compile and run "HelloWorld" with gcc on Mac.

  3. Blockchain commentard Silver badge
    Facepalm

    Seems like designing pretty icons to sit inside a pretty box isn't enough to protect users.

  4. Cavehomme_ Bronze badge
    WTF?

    This kind of news needs spreading very far and wide. Only once enough people burst the bubble will Apple take notice.

  5. fajensen Silver badge
    Trollface

    Not breaking Legacy Apps ... Would that include keeping features that the NSA relies on, to not break their apps?

  6. Donn Bly

    Legacy Applications

    Apple is now seeing the collateral damage caused by trying to maintain backwards compatibility with old applications -- something with which Microsoft's desktop operating systems have had to contend for years (and by doing so were largey security failures).

    Upgrades are often a lose-lose proposition. Either they orphan the old applications (like they did when OSX came out) and take the heat on that, or they support the old applications and leave security holes. There is no middle ground. The only question is which way leaves them less liable in a lawsuit.

    In the end, users run run applications not operating systems. If their applications won't run on your operating system they won't use it no matter how secure it may be. {{ Insert linux on the desktop reference here }}

  7. ITS Retired
    Linux

    Unlike Windows breaking legacy programs, including the current operating system, but not increasing any security.

  8. Ian Joyner Bronze badge

    Not ruined my day

    Can't see how it ruins Apple developers (software people aren't engineers) day. The problem is backwards compatibility. Apple have taken the middle route. If they had broken compatibility, you can be assured there would have been an outcry – probably led by outlets like The Register.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019