arrow-end-inversearrow-enddefendpoint-coloureddefendpoint-thin-2insider-threatsavecto-logo-smallquotation-marksransomwaresocial-engineeringtrianglezero-days

High profile security discoveries in OS X

Following a number of high-profile vulnerability discoveries within both OS X and iOS, Andrew Avanessian, VP at Avecto, comments on what this means in terms of the wider Apple security landscape.

"For years many Apple users have watched as the Windows community is hit by large numbers of exploits and attacks. Whereas Windows users are used to seeing attacks that bypass features such as user account control (UAC) and circumvent Windows defences, Mac users are totally unprepared. The widespread mentality is that Macs are inherently more secure than their Windows counterparts, but this is simply not true.

"Patrick Wardle is on a one-man mission to disprove the myth that Macs are inherently secure, often taking attacks that are well known on the Windows platform such as DLL hijacking and seeing if these work on OS X. This latest Gatekeeper bypass comes only weeks after Patrick proved that it was possible to bypass Gatekeeper using a malicious dylib (equivalent of a DLL on Windows).

"Anyone who has read Patrick's research will realise that many of the security mechanisms built in to OS X are not suitable for enterprise-level security. With Gatekeeper being simply bypassed, it is time for organizations to consider layering extra defences on top such as privilege management and application control in order to mitigate attacks and prevent unwanted content from executing. Whilst Macs have come a long way in the past 20 years the security offerings have stood still - even the major vendors offer little more than basic antivirus. It is time for enterprises to think differently when it comes to Macs and learn the lessons from Windows.

"As Macs are often only managed locally by users in many organisations the lack of visibility over endpoints is causing widespread concern. Mac adoption in the enterprise is increasing as are the frequency of attacks, and as a result the worries of the organization. As with so many things this often comes down to a couple of simple rules. Users should be given the least privilege necessary to perform their job, so remove those admin accounts and only allow necessary tasks to run with admin rights. This prevents attackers easily exploiting the user and the system. Then, control what should and shouldn't run on OS X you can allow all the corporate software to run and prevent unknown applications and threats being introduced."

Click here to read more