Code signing flaw in macOS

Presented at VB2018, Oct. 3, 2018, 4:30 p.m. (30 minutes)

*Macintosh* applications are almost always code signed today, which is a very good thing. Unfortunately, there is a serious flaw in how *macOS* handles code signatures that can lead to a false sense of security. Most *Mac* users, and even most *Mac* admins, are unaware of this flaw. Because *macOS* checks code signatures very infrequently, it is easy to hijack a legitimate application that is already installed on the system without triggering any kind of code signature check. Worse, most developers are not aware of this, and do not add their own code signature self-checks. This means that there are countless vulnerable *Mac* applications on the market. The flaw is extremely easy to exploit, as will be demonstrated. Fortunately, the talk will also describe steps that developers can take to prevent their apps from being abused in this manner, as well as ways that admins can flag potential problems with applications on their endpoints and that techs can use while troubleshooting issues. Although no known malware currently takes advantage of this issue, that could easily change in the future. As *macOS* appears to be behaving as designed, it will fall on the shoulders of developers to ensure their apps are not vulnerable to such threats.

Presenters:

  • Thomas Reed - Malwarebytes
    Thomas Reed has been a Mac user since 1984, and is a self-taught developer and security researcher. He is the founder of The Safe Mac and creator of the AdwareMedic adware removal tool for Macs. He is currently Director of Mac & Mobile at Malwarebytes, where he directs product development and Mac security research. His hobbies include hiking and photography, and he is happily married with four children. @thomasareed
