Shulou(Shulou.com)11/24 Report--

CTOnews.com, August 15 (Xinhua) at the recent Defcon hacker conference in Las Vegas, security researcher Patrick Werdel (Patrick Wardle) demonstrated a new vulnerability in macOS that can bypass the triple protection mechanism set by Apple to steal sensitive data from devices.

Apple has set up a triple protection mechanism, and the CTOnews.com is briefly summarized as follows:

1. Prevent malware from starting or executing: App Store or access control combined with notarization

two。 Prevent malware from running on customer systems: access control, notarization, and XProtect

3. Fix executed malware: XProtect

Werdel reported to Apple last year a loophole that could bypass the triple protection mechanism and created tools to verify the feasibility.

It's just that Apple has yet to adopt the vulnerability he reported, so he decided to share the bypass attacks he found at the Defcon hacker conference.

Werdel has so far discovered three attacks, one of which requires access to the target Mac device with root privileges, while the other two do not require root privileges.

The translation part of CTOnews.com is as follows:

Werdel also found two vulnerabilities that can be executed without root access to disable the background task manager, which is responsible for sending persistent notifications to users and security monitoring products.

One of the vulnerabilities exploits errors in alerting how the system communicates with the core of the computer operating system, known as the kernel.

Another exploits a vulnerability that allows users, even those who do not have deep system privileges, to put processes to sleep. Wardle found that this feature can be manipulated to hijack persistent notifications before they reach the user.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.