A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial.
Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple’s defensive Gatekeeper technology can be bypassed, allowing unsigned code to run. Gatekeeper ships pre-installed on Macs running OS X and checks code before it is allowed to execute. By default it allows only signed code to run or, depending on settings, only packages from the Mac App Store.
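The policy described above (assessments on, only signed or App Store code allowed) is something an administrator can verify on a given Mac rather than assume. The script below is an added example, not code from the article or from Wardle's research: it checks that Gatekeeper assessments are enabled and asks both codesign(1) and spctl(8) whether a given binary would be accepted. It assumes a macOS host with those two tools on the PATH; the parsing helper takes the spctl output as an argument so it can be exercised on any system, and the file path is a placeholder supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the article). Defender-side checks that Gatekeeper
# is enforcing and that a binary carries a signature the policy accepts.
# Assumes macOS with spctl(8) and codesign(1); the binary path is a placeholder.

# Parse the text printed by `spctl --status`. Returns 0 when assessments are
# enabled. Takes the output as an argument so it can be tested offline.
gatekeeper_status_enabled() {
    case "$1" in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check on this host: returns 0 if Gatekeeper is enforcing,
# 1 if it has been disabled, 2 if spctl is not available (not macOS).
gatekeeper_enforcing() {
    command -v spctl >/dev/null 2>&1 || {
        echo "spctl not found; this check only runs on macOS" >&2
        return 2
    }
    gatekeeper_status_enabled "$(spctl --status 2>&1)"
}

# Verify the signature on the file at $1 strictly (including nested code),
# then ask Gatekeeper whether it would allow the file to execute.
assess_binary() {
    f="$1"
    if ! codesign --verify --strict --deep "$f" 2>/dev/null; then
        echo "REJECT: $f has no valid code signature"
        return 1
    fi
    if ! spctl --assess --type execute "$f" 2>/dev/null; then
        echo "REJECT: Gatekeeper policy does not accept $f"
        return 1
    fi
    echo "ACCEPT: $f passes signature verification and Gatekeeper policy"
    return 0
}

# Usage (placeholder path): sh gatekeeper_check.sh /path/to/App.app/Contents/MacOS/App
if [ -n "$1" ]; then
    gatekeeper_enforcing || echo "WARNING: Gatekeeper assessments are not enabled" >&2
    assess_binary "$1"
fi
```

Note that a binary passing `codesign --verify` is not the same as Gatekeeper accepting it: `spctl --assess` additionally applies the system policy (Developer ID or App Store only), which is why the script runs both checks and reports which one failed.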
Apple’s built-in mechanisms – Gatekeeper, XProtect anti-malware, sandboxing and kernel code-signing requirements – are “easy to get around” and “trivially exploitable”, according to Wardle.
Wardle said he worked closely with Apple’s internal security teams, describing them as “responsive”, while noting that the wider consumer electronics firm had yet to embrace a culture where “comprehensive security is baked into their OS X systems” from the outset. In contrast to OS X, iOS has solid security baked in, according to Wardle.