Hackers can bypass new protections in MacOS High Sierra

MacOS High Sierra protections can be bypassed, but will make security researchers and companies work more difficult

Hackers can bypass a new security feature in MacOS High Sierra to load malicious kernel extensions.

According to security researchers at Synack, the forthcoming update to MacOS features something called Secure Kernel Extension Loading” (SKEL). Patrick Wardle, chief security researcher at Synack, said that while the feature was “wrapped in good intentions”, in its current implementation, SKEL “merely hampers the efforts of the ‘good guys’” (ie 3rd-party MacOS developers such as those that design security products).

“Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected,” he said in a blog post.

According to  Apple’s Technical Note TN2459, Secure Kernel Extension Loading, is “a new feature that requires user approval before loading new third-party kernel extensions.”

Wardle said that while we might initially assume that that the main attack vector SKEL attempts to thwart is the (direct) loading of malicious kernel extensions (ie rootkits), he believed this is not the case.

“First, observe that (AFAIK), we have yet to see any signed kernel-mode MacOS malware! Since OS X Yosemite, any kexts have to be signed with a kernel code-signing certificate,” he said.

Offer Ends November 29th 2017. Hurry!!

Interesting article can be found here:

via Hackers can bypass new protections in MacOS High Sierra



Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.