Enterprise Mac company Jamf has acquired Digita Security, bringing native Mac security to its platform.
Digita, a two-year-old startup, was founded by a team of security experts led by Patrick Wardle, whose background includes a decade as a Mac security researcher, seeking out vulnerabilities on the Mac, and time at the NSA where he honed his security research skills.
Patrick makes a lot of great Mac tools with Objective-See that I recommend.
Security researcher Patrick Wardle found he can bypass macOS security by using synthetic clicks built with AppleScript.
Typically apps are signed with a digital certificate to prove that the app is genuine and hasn’t been tampered with. If the app has been modified to include malware, the certificate usually flags an error and the operating system won’t run the app. But a bug in Apple’s code meant that macOS was only checking if a certificate exists and wasn’t properly verifying the authenticity of the whitelisted app.
Mr. Wardle refers to this as a “second stage” attack, because the hacker or malware needs access to your Mac to exploit this bug.
The RSA Conference is a series of computer security conferences. This year, security researcher Patrick Wardle announced a new tool for Macs called GamePlan.
…GamePlan, a tool that watches for potentially suspicious events on Macs and flags them for humans to investigate. The general concept sounds similar to other defense platforms, and it hooks into detection mechanisms—has a USB stick been inserted into a machine? has someone generated a screen capture? is a program accessing a webcam?—Apple already offers in macOS. But GamePlan, cleverly written with Apple’s GameplayKit framework, collects all of this data in a centralized stream and uses the videogame logic engine to process it.
I use a couple of Mr. Wardle’s security tools. I look forward to downloading GamePlan.
Security researcher Patrick Wardle wrote a blog post figuring out what could’ve happened.