Protecting the Garden of Eden

Presented at Objective by the Sea version 1.0 (2018), Nov. 4, 2018, 3:15 p.m. (45 minutes)

From a security point of view, many see Apple's 'walled garden' ecosystem as paradise on earth. And to be fair, Cupertino's products have never suffered from a global epidemic nor are as commonly infected as their Windows counterparts. But is this security, at least on macOS, a facade? Perhaps!

In this talk, we'll start by looking at the public malware threats currently targeting macOS in 2018. Though these specimens are rather unsophisticated, things could much worse. To support this claim, we'll discuss a myriad of recent security flaws in macOS, many such as #iamroot, that should have never have made it into production code! And what about 0days? Maybe we'll drop one as well ;)

Luckily it's not all doom and gloom for Mac users, as Mojave promises to be the most secure version of macOS ever. After examining some of the baked-in security mechanisms of this new OS we'll discuss how 3rd-party security tools still play an essential role ensuring that the Garden remains secure!

Presenters:

• Patrick Wardle - Co-founder of Digita Security / Creator of Objective-See
  As Patrick has worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Wardle is passionate about macOS security and thus spends his days finding Apple 0-days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

Links:

• https://objectivebythesea.org/v1/talks.html#wardle
• https://objectivebythesea.org/v1/talks/OBTS_v1_Wardle.pdf

Similar Presentations:

• Objective by the Sea version 5.0 (2022) / Process Injection: Breaking all macOS Security Layers with a Single Vulnerability
• Objective by the Sea version 4.0 (2021) / n-1 and n-2: Should we really trust in you?
• DEF CON 30 (2022) / Process injection: breaking all macOS security layers with a single vulnerability