Skip to main content

Breaking into a MacBook requires you as an accomplice

Gatekeeper
Gatekeeper (Image credit: iMore)

Joanna Stern's combo video/columns were the inspiration for my own VECTOR series, so I watch/read everything she does. Especially when that everything includes security in general and Apple security in specific.

For The Wall Street Journal:

Hacking a 2015 MacBook Air running the latest MacOS version, Mojave, also required a multistep process (and some missteps by the "victim"). This time the malware was embedded in an .odt document, an open-source file format.

The process basically requires the attacker to trick you into turning off multiple layers of both OS and app-level security. So much so that it might as well be a Jedi mind-trick of coercion.

Sure, there will always be bugs and fixes to those bugs, but it's typically the humans that compromise the systems, and the best thing any and all of us can do is refuse to be that compromise.

Even the simplest and most basic best practices would render the attacks Joanna describes useless, so make sure you inform and empower everyone you know, so they'll know to never turn off the built-in protections.

Also: Yes, burn trash IP cameras. With fire.

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

6 Comments
  • Demonstrably false title with Pwn2Own's results.
  • You're comparing a computer hacking contest to actually receiving a virus by just using your computer normally without a hacker nearby. It's not really comparable, is it?
  • The title changes depending on whether you look at the head of this page or the link on the main page. On this page it is, "Breaking into a MacBook requires you as an accomplice", (with a sub heading).. Your Mac is generally safe Unless you specifically put it in danger". In this case bobbob1016 is correct.
    On the main iMore title page it is just, "Your Mac is generally safe. Unless you specifically put it in danger." and this is the right way to do it.
    iMore have presented the article poorly.
  • I agree with you, it's pretty much clickbait
  • The computer hacking contest is to see if they CAN make a virus that works by just going to a site. Pwn2Own has different hack levels, no click and one click among them. No click means go to a site and you're infected, one click is just click a link.
  • After these events, fixes are usually deployed pretty quickly, plus the hack is generally not publicly known because it's first discovered at this event. Basically, these exploits are a proof of concept, and are unlikely to be being used out in the wild unless made public. If the user keeps their OS and applications updated, then it's highly unlikely that the user is going to run into one of these exploits. As the subtitle states: "Your Mac is generally safe. Unless you specifically put it in danger."