Ex NSA Hacker Finds Security Flaw in macOS


Dr. Alexander Fleming famously discovered penicillin by accident.

He found the mold growing in his lab, leading to one of the greatest advances in human history — a cure for deadly infectious diseases. That’s like Patrick Wardle’s story — without the mold.

The software security expert accidentally copied the wrong code and discovered a bypass to “do a lot of malicious stuff” to Apple products. Here’s how it happened.

Accidental Discovery

Wardle, a former National Security Agency hacker, was testing an old macOS attack. He copied and pasted the wrong code, and ran it.

To his surprise, it allowed him to post synthetic clicks to security alerts. Basically, it bypassed Apple security and opened the door for malicious attacks.

“The ability to synthetically interact with a myriad of security prompts allows you to perform a lot of malicious actions,” he told Ars Technica. “Many of Apple’s privacy and security-in-depth protections can be trivially bypassed.”

Wardle demonstrated the problem at a Def Con hacker convention in Las Vegas. Ars Technica said he exposed “a major shortcoming” in the macOS.

“Almost Embarrassed”

As the developer of the Objective-See Mac tools, Wardle informed Apple of the security issue. He said he wasn’t trying to find a bypass.

But it happened, and it wasn’t hard to do. He said it raises questions about the company’s foundational security mechanism.

“If a security mechanism falls over so easily, did they not test this?” he asked. “I’m almost embarrassed to talk about it.”

Related Resources:




Source link

JOIN OUR NEWSLETTER
I agree to have my personal information transfered to MailChimp ( more information )
Join over 3.000 visitors who are receiving our newsletter and learning new ways to make money everyday and you could too.
We hate spam. Your email address will not be sold or shared with anyone else.