BrandPosts are written and edited by members of our sponsor community. BrandPosts create an opportunity for an individual sponsor to provide insight and commentary from their point-of-view directly to Macworld's audience. The Macworld editorial team does not participate in the writing or editing of BrandPosts.
Apple’s operating system has recently come under fire over vulnerabilities, both trivial and serious, and over malware written specifically to compromise user data and privacy. Many macOS users still believe malware for Apple’s OS is scarce, but recent news about the Fruitfly malware, reportedly in circulation for some 13 years before it was caught, has raised new questions about how likely a Mac is to be infected.
One of the most common ways to trick users into installing malware is to rig a popular application with malicious code. The trojanized Transmission client that delivered ransomware was one of the most noteworthy incidents of 2016; it was the first time fully functional ransomware had targeted Macs. More recently the Proton Remote Access Trojan reused the same vector: a weaponized build of a legitimate Mac application with more than 1 million downloads was distributed in place of the real one, bundling Proton to steal data from unsuspecting victims.
Malware isn’t usually region specific, but US users do appear to be hit by macOS malware more than anyone else. Our telemetry shows that 25.03% of all Mac threats detected, ranging from potentially unwanted applications to Trojans and ransomware, target the United States.
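As an added example, not code from the original article or from any of the projects mentioned, here is a short POSIX shell script with the checks a practitioner would run on a downloaded Mac app before opening it: verify that the bundle’s code signature is intact, assess it with Gatekeeper, and confirm that the signing Team Identifier is the developer’s own rather than some other certificate, which is how a trojanized rebuild usually gives itself away. The `codesign` and `spctl` calls are macOS tools; the parsing functions are plain shell and are exercised on constructed `codesign -dv` output in which the app path and the team ID `ABCDE12345` are placeholders, not a real developer’s identifier.

```shell
#!/bin/sh
# Added example (not from the original article): checks to run on a freshly
# downloaded Mac app before opening it.
# Usage on a Mac: sh check_app.sh /path/to/App.app EXPECTED_TEAM_ID
# The codesign/spctl calls are macOS-only; the parsing below is plain POSIX sh.

# Pull the Team Identifier out of `codesign -dv` output. codesign writes its
# description to stderr, so callers capture it with 2>&1.
team_id_from_codesign() {
    printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# True only when the app is signed by the team you expect. An empty or
# differing team ID (or "not set") means a different certificate, or no
# Developer ID at all, which is what a trojanized rebuild tends to look like.
signer_matches() {
    expected=$2
    [ -n "$expected" ] && [ "$(team_id_from_codesign "$1")" = "$expected" ]
}

# Full check on a real bundle (macOS only). Returns 0 only if every step passes.
verify_app() {
    app=$1
    expected=$2
    # 1. Is the seal intact? --deep covers nested code, --strict rejects
    #    signatures that are technically present but not trustworthy.
    if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "FAIL: $app has no valid code signature"
        return 1
    fi
    # 2. Would Gatekeeper allow it to run?
    if ! spctl --assess --type execute "$app" 2>/dev/null; then
        echo "FAIL: Gatekeeper rejects $app"
        return 1
    fi
    # 3. Signed by the developer you expect, not merely by *someone*?
    desc=$(codesign -dv "$app" 2>&1)
    if ! signer_matches "$desc" "$expected"; then
        echo "FAIL: $app signed by team '$(team_id_from_codesign "$desc")', expected '$expected'"
        return 1
    fi
    echo "OK: $app is intact, Gatekeeper-approved and signed by $expected"
}

# Constructed sample of `codesign -dv` output (placeholder path and team ID).
SAMPLE_CODESIGN='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
TeamIdentifier=ABCDE12345
Sealed Resources version=2 rules=13 files=42'

if [ $# -ge 2 ] && command -v codesign >/dev/null 2>&1; then
    verify_app "$1" "$2"
else
    # Off macOS (or without arguments): exercise the parser on the sample only.
    echo "sample team id: $(team_id_from_codesign "$SAMPLE_CODESIGN")"
    signer_matches "$SAMPLE_CODESIGN" ABCDE12345 && echo "sample signer matches ABCDE12345"
fi
```

The expected team ID has to come from somewhere the attacker does not control, for instance the developer’s web site retrieved over HTTPS or a previous, known-good copy of the app; comparing against whatever the downloaded bundle claims defeats the point of step 3.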
Apple’s macOS also came under fire when it emerged that macOS High Sierra let anyone log in as “root”, the account with full administrative privileges, without entering any password at all.
Because macOS is a Unix-based operating system, even an administrator account does not run with full privileges during everyday tasks such as browsing or editing documents. The root user, by contrast, has the highest level of privilege and can interact with every part of the operating system, including adding, removing, or editing any system file.
On macOS the root account is disabled by default, and enabling it should require an administrator to set a password for it. The flaw let anyone enable root with an empty password simply by entering “root” as the username in an authentication prompt and trying again; a blank password then worked at the login window, in System Preferences, and over remote-access services such as Screen Sharing where those were switched on. That makes it a major security vulnerability, and one that is trivial to exploit.
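Added example, not from the original article: a POSIX shell audit that reports whether the root account is enabled, which is the state the empty-password bug left a Mac in, and tells the user how to remedy it. The `dscl`, `passwd` and `dsenableroot` commands are macOS-specific; the check itself relies on the assumption that Directory Services marks a disabled account by including the token `;DisabledUser;` in its AuthenticationAuthority attribute, and the two sample attribute lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report whether the macOS root
# account is enabled, the state the empty-password bug left a Mac in.
# dscl/passwd/dsenableroot are macOS-only; the check itself is plain POSIX sh.

# Assumption: Directory Services marks a disabled account by including the
# token ";DisabledUser;" in its AuthenticationAuthority attribute, which is
# how a freshly installed Mac ships its root account.
root_is_disabled() {
    case "$1" in
        *';DisabledUser;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# One-word verdict for scripts, MDM checks or a login-item audit.
root_status() {
    if [ -z "$1" ]; then
        echo "unknown"      # attribute missing or dscl failed: check by hand
    elif root_is_disabled "$1"; then
        echo "disabled"
    else
        echo "ENABLED"
    fi
}

# Constructed sample attribute lines in dscl's "Attribute: value" form.
SAMPLE_DISABLED='AuthenticationAuthority: ;DisabledUser;;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

if command -v dscl >/dev/null 2>&1; then
    # Live check on a Mac: read root's record from the local directory node.
    live=$(dscl . -read /Users/root AuthenticationAuthority 2>/dev/null || true)
    status=$(root_status "$live")
    echo "root account: $status"
    if [ "$status" = "ENABLED" ]; then
        echo "Either give root a strong password (sudo passwd root)"
        echo "or disable the account again (sudo dsenableroot -d)."
    fi
else
    # Elsewhere, show the verdict on the constructed samples.
    echo "sample, fresh install: $(root_status "$SAMPLE_DISABLED")"
    echo "sample, after the bug: $(root_status "$SAMPLE_ENABLED")"
fi
```

Setting a root password is the mitigation that was recommended before Apple shipped its fix; an enabled root account with a blank password is the worst of both worlds, because every local and remote authentication prompt on the machine will accept it.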
A recently disclosed vulnerability in macOS allows full system compromise on versions going back 15 years. It resides in the "IOHIDFamily" kernel component, which has yielded many local privilege-escalation bugs in the past, including race conditions, and appears to have existed for at least 15 years. On its own it is not remotely exploitable.
It requires code already running locally on the Mac, and all macOS versions up to 10.13.1 appear to be affected. The exploit also needs the user to log out, reboot, or shut down, but security researcher Siguza warns that this is little protection: a “sleeper program”, or malware with similar behavior, can simply wait for one of those events before triggering the vulnerability.
“It acts as if the user had actually chosen to log out via the GUI - which means that apps with unsaved changes can still abort the logout, or at least prompt for confirmation (an example for this is Terminal with a running command),” according to Siguza’s detailed technical post on the vulnerability. “But second, alternatively to a logout, a shutdown or reboot will do as well. This makes for an interesting possibility: we could write a sleeper program and just wait for conditions to become favorable - I have no access to any statistics, but I’d assume most Macs are eventually shut down or rebooted manually, rather than only ever going down as the result of a panic.”
A recent vulnerability in Apple’s HomeKit framework, which lets developers build apps that control connected devices, may also have enabled attackers to remotely control those devices. Because smart locks and other Internet-connected devices around the house are HomeKit-enabled, the risk was that a hacker could quite literally become a burglar.
Apple quickly mitigated the HomeKit vulnerability with a server-side change, and few details are known about how the exploit worked beyond the fact that it was “difficult to reproduce.” More generally, an attacker who compromises any Internet of Things (IoT) device on your home network, whether a smart lock, a smart refrigerator, or even a toaster, gains a foothold from which to attack the other devices on that network.
It is common practice to connect every device to the same home network, so a compromised smart lock puts your laptops, Macs, and even your mobile devices within reach. Attackers rarely stop at one device, and since a user’s most valuable data usually lives on a phone or laptop, losing that information would be the real cost.
Apple’s macOS is still in a comparatively good position from a security standpoint, despite drawing increasing attention from cyber crooks as its popularity has grown in recent years. And because of the rise of platform-agnostic threats, such as phishing scams, Mac users have all the more reason to lock down their device before taking it onto the Internet.
Today we’re going to look at five simple steps that all Mac users – even novices – can take to ensure the integrity of their data and online privacy, as well as the security of their computer.
Apple’s macOS is often seen as somewhat sheltered from the garden-variety malware outbreaks that steal data or give attackers full remote control of a device. The reality is that the number of vulnerabilities reported by security researchers has risen consistently over the past couple of years: in 2017 the total number of reported macOS vulnerabilities was 28.83% higher than in 2016.
These vulnerabilities range from denial of service (DoS) to code execution and memory corruption, and some are potentially remotely exploitable and highly critical. Almost 40% of the reported macOS DoS vulnerabilities are rated “critical” and can be triggered remotely, with CVSS scores between 9.3 and 10.
Code execution vulnerabilities have also risen 33.94% from 2016, and 53.42% of them can be triggered remotely and carry a CVSS score of 9.3 or above. This class is particularly useful to cybercriminals because it lets them run code of their choosing, specifically malicious code, on the victim’s machine without valid credentials, and sometimes without the user’s knowledge.