One of Apple's basic security tools is failing at its job

A security researcher has demonstrated how a cybersecurity tool built into macOS can easily be circumvented by “somewhat sophisticated” malware.

Presenting at the recent DEF CON hacking conference, Patrick Wardle outlined a way to bypass the work of the macOS Background Task Management mechanism and stay out of sight while installing even more malware on the target endpoint.

Background Task Management is a built-in tool that has shipped with macOS since October 2023. It monitors installed programs and apps for persistence, which is often a telltale sign of malware. If it finds apps that persist despite being repeatedly killed, it notifies the user, who can then scan the device for potential problems.

Three methods

Wardle found three ways to bypass this tool. One requires root access to the device, which somewhat defeats the purpose (a threat actor who already has root access can make all kinds of changes). The other two, however, don’t require root access and can be used to disable the notifications. One of them exploits a bug in the way the alerting system communicates with the kernel. The other leverages the users’ ability to put processes to sleep.

Wardle said he decided to take his findings to DEF CON instead of taking them to Apple because he had already reached out to the company when it first debuted the tool, after finding a few flaws. The company fixed the flaws, but did not address the root cause of the problem.

“We went back and forth, and eventually, they fixed that issue, but it was like putting some tape on an airplane as it’s crashing,” Wardle says. “They didn't realize that the feature needed a lot of work.”

Whether Apple fixes the issues remains to be seen. At press time, the company has yet to address the findings.

Via: Wired

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.