Hack a Mac: It’s Not Impossible
Category : Sentinel One
It’s a commonly held belief that if you want to avoid a virus, you should be using a Mac. In fact, fewer than a dozen viruses have been developed for the Macintosh operating system. Does that mean that Mac OS is always safe and secure and, therefore, the operating system of choice? Well, not exactly.
Mac Hacks in History
In 2013, hackers exploited a flaw in Oracle Java to gain access to Apple computers. The exploit worked by gaining access via the Java Applet and provided a remote entry point to the OS X environment. Apple was quick to update the operating system to block the vulnerability, and the issue brought Apple to the forefront of the battle for third-party vendor security compliance.
In 2007, the Mac OS X firewall didn’t recognize the command to block incoming connections. This created a huge vulnerability for users because attackers could easily bypass the rule and access the Mac directly. In the same year, a flaw allowed users to bypass file- and system-level restrictions, which broke the confidentiality chain security teams value.
The year 2015 saw denial of service exploits, with over 225 vulnerabilities discovered and patched. Some of the largest were related to the integrated interface between Apple iOS, Apple Watch, Apple TV and Mac OS X. While it’s beneficial from a developer’s perspective to have a single stack for development, it causes security headaches.
More recently, a number of vulnerabilities of Mac systems have been addressed, and some haven’t. Firmware updates for the underlying computer infrastructure aren’t addressed in an efficient manner.
Third-party applications continue to be a threat vector for OS X as well. Java is such a prevalent technology that, in 2017 alone, there were over 800 reported vulnerabilities. Adobe, with it’s Flash plugin and PDF software, is also sitting with 257 known vulnerabilities in 2017, down 50 percent from the year before. But it continues to be an issue.
Apple itself continues to identify and patch vulnerabilities. The biggest ones so far have been related to Mac OS X High Sierra and a vulnerability in the keychain where an attacker could decrypt the keychain and see the keys in plain text. Also, some kernel-related flaws allowed denial of service attacks against the Apple infrastructure.
How To Stay Safe
Thus far, Apple has been very focused on addressing known vulnerabilities and releasing patches for them. So, as an end user, you need to ensure that your updates are run on a regular basis. However, it is also important to have some form of protection at the system level, preferably something real-time that is effective in stopping zero day threats and signature-less attacks.
A software like SentinelOne fits this mold perfectly as it runs at the kernel level and monitors all system activity, weighing potentially malicious actions to determine whether or not a program is benign or not. This approach has proven to be extremely successful as SentinelOne customers were unaffected in 2017 despite several high profile breaches. In addition, if a breach does get through then SentinelOne has a Cyber Warranty to help mitigate the financial impact on your organization. For a security product there is nothing that better exemplifies a true defense in depth solution.