9/22/2020 Sophos Home For Mac Os Sierra
Oct 24, 2019 Mac mini introduced in mid 2010 or later, iMac introduced in late 2009 or later, Mac Pro introduced in mid 2010 or later. To find your Mac model, memory, storage space, and macOS version, choose About This Mac from the Apple menu. If your Mac isn't compatible with macOS Sierra, the installer will let you know.
What’s more embarrassing than a researcher revealing a security oversight in a company’s software?
In the case of Apple, it would be when that software, macOS 10.15 ‘Catalina’, hasn’t even shipped to users yet.
The bearer of bad news was noted researcher Patrick Wardle of Digita Security, who used last weekend’s Objective by the Sea conference in advance of macOS 10.15’s launch this week to reveal a weakness through which malicious apps could exploit ‘synthetic clicks’ – automated clicks or keystrokes made by an app in the interests of accessibility.
Hijacking this, malware could automatically generate synthetic clicks to bypass prompts that ask the user to authorise actions such as installing software, hijacking webcams and microphones, or accessing Apple’s Keychain password manager, none of which would be a good thing.
Because macOS security depends on the response to such alerts, malware that can simulate these clicks on behalf of the user would have a dangerous amount of power.
In 2017 it was realised that FruitFly malware had adopted the technique as far back as 2008, as did DevilRobber in 2011 and Genieo in 2014, so the threat is more than theoretical.
The flaw
To counter this, Apple introduced a whitelist that limited access to synthetic clicks to applications approved by the user.
However, it was discovered that, for reasons of backwards compatibility, Apple had built some exceptions to this rule into the Transparency, Consent, and Control (TCC) system, including for the open source VLC media player, Adobe Dreamweaver, and the Steam games platform.
According to Wardle, the problem with the whitelist is that while it checks that an app is allowed access, it doesn’t check what that app is doing. If an attacker appended code to a legitimate app, the control would fail. Wardle told ZDNet:
The issue is that the verification is incomplete, so they only end up checking that the app is signed by who they think it should be (i.e. VLC, signed by VLC developer), but not the executable code or application resources.
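The gap Wardle describes, as an added example that is not Apple's code or part of the original article: a simplified model in which a bundle is a dictionary of files and a `Seal` stands in for an already-verified signature. The team ID, file paths and all function names are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed values: the team ID and file paths are placeholders, not real identifiers.
ALLOWED_TEAM_IDS = {"EXAMPLETEAM"}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Seal:
    """Stand-in for an already-verified signature: signer plus per-file hashes."""
    team_id: str
    sealed: dict  # path -> SHA-256 recorded at signing time


def seal_bundle(bundle: dict, team_id: str) -> Seal:
    return Seal(team_id, {path: digest(data) for path, data in bundle.items()})


def identity_only_check(seal: Seal) -> bool:
    """The incomplete check: is the signer on the allow list?"""
    return seal.team_id in ALLOWED_TEAM_IDS


def full_check(bundle: dict, seal: Seal) -> list:
    """Signer check plus comparison of every file on disk with the seal."""
    problems = []
    if seal.team_id not in ALLOWED_TEAM_IDS:
        problems.append("signer not allowed")
    for path in sorted(set(bundle) | set(seal.sealed)):
        if path not in seal.sealed:
            problems.append(f"unsealed file: {path}")
        elif path not in bundle:
            problems.append(f"missing file: {path}")
        elif digest(bundle[path]) != seal.sealed[path]:
            problems.append(f"modified file: {path}")
    return problems


original = {"Contents/MacOS/player": b"main executable",
            "Contents/Resources/strings": b"ui text"}
seal = seal_bundle(original, "EXAMPLETEAM")
# Same signer and seal, but the bundle on disk gained a file after signing.
altered = dict(original, **{"Contents/PlugIns/added.bundle": b"unsigned code"})

if __name__ == "__main__":
    print(identity_only_check(seal), full_check(original, seal), full_check(altered, seal))
```

The identity-only check gives the same answer for both bundles, while the full check reports the file that was never sealed.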
Running sore
Apple’s embarrassment over the latest discovery will be compounded by the fact that Wardle has been scratching away at the same weakness for years.
In 2017, Wardle revealed how macOS High Sierra’s mouse keys feature (a way of controlling the mouse pointer from the keyboard) could be abused to sneakily bypass the OS’s protection against synthetic click exploits.
Apple patched the issue but in 2018 he was back with another proof-of-concept that made possible a partial bypass of protections in macOS Mojave.
Every time Wardle discovers a weakness in macOS security, Apple patches it, after which he returns with another gotcha timed for maximum effect to coincide with the release of a new version of the OS.
It’s uncomfortably reminiscent of another researcher, José Rodríguez, who has developed a habit of finding flaws Apple thought it had fixed in the iOS lock screen.
As with previous weaknesses in this layer, a patch will be released at some point. But it’s hard to escape the impression that, in these two areas at least, Apple’s security approach is to fix holes one at a time rather than analysing their underlying causes.
Back up your Mac if you have not done so already. To learn how to do that please read https://www.apple.com/support/backup/. To learn how to use Time Machine read Use Time Machine to back up or restore your Mac.
Then, shut down your Mac and restart it in 'Safe Mode'. To learn how to do that please read: Try safe mode if your Mac doesn't finish starting up. Compare how your Mac works in Safe Mode to how it has been.
Then, restart normally. If the same problem returns, please read the section If an issue doesn't happen in safe mode for Apple's recommended actions.
Finally, you can temporarily create a new User Account, and log in to that account to determine if the problem also exists when logged in to that Account. To learn how to do that read How to test an issue in another user account on your Mac. When you are finished troubleshooting, you can remove the temporary User Account by following these instructions: macOS Sierra: Delete a user or group. Before removing it, confirm you don't need any of the files you might have created in that Account.
The only antivirus I have running is SOPHOS HOME.
Uninstall it using the Remove Sophos Anti-Virus program. It will be installed in your Mac's Applications folder, unless you moved or deleted it. In that case, follow their uninstallation instructions here: https://www.sophos.com/support/knowledgebase/122710.aspx
Oct 27, 2016 6:02 PM