Researcher claims a key Mac security feature can be bypassed and Apple won't fix it

Apple takes the security of its phones, computers, and tablets seriously, but one researcher says that there's one known flaw that it hasn't yet gotten around to fixing.

That security flaw affects Macs around the globe and relates to vulnerabilities in Apple's macOS Background Task Management system, a feature that is supposed to warn people if an app tries to become persistent, which would let it run without the user's knowledge.

However, one researcher says that while the Background Task Management system is well-intentioned, "the implementation was done so poorly that any malware that's somewhat sophisticated can trivially bypass the monitoring." Apple would no doubt agree that the best Mac is a secure one, making this claim particularly worrisome.

Deeper issues left unfixed

Wired reports that security researcher Patrick Wardle shared details about his findings at the Defcon hacker conference in Las Vegas. In fact, Wardle didn't just find one issue. There were a few.

"When Background Task Manager first debuted, Wardle discovered some more basic issues with the tool that caused persistence event notifications to fail," Wired reports. "He reported them to Apple, and the company fixed the error. But the company didn't identify deeper issues with the tool."

Wardle went on to say that Apple "didn't realize that the feature needed a lot of work." As a result, there are still some problems for it to deal with, including ways for apps to disable persistence notifications generated by Background Task Manager without the need for elevated privileges.

"One of these exploits takes advantage of a bug in how the alerting system communicates with the core of a computer's operating system known as the kernel," Wired explains. "The other capitalizes on a capability that allows users, even those without deep system privileges, to put processes to sleep. Wardle found that this capability can be manipulated to disrupt persistence notifications before they can get to the user."

Wardle says that the only reason that these bugs have been shared at Defcon is that he already told Apple about the flaws, but they haven't been fixed yet.

It isn't clear if the upcoming macOS Sonoma update will address the security issues Wardle mentions, however.

Oliver Haslam
Contributor