At the Defcon hacker conference this past weekend, Mac security researcher Patrick Wardle presented findings that show that macOS isn’t as secure as it could be. The Background Task Manager, a tool used by macOS to monitor for “persistent” software, can easily be bypassed so that malicious software can run without the user knowing it.
Persistence events are common with legitimate software, and Background Task Manager watches for them and alerts the user when one occurs. As reported by Wired, Wardle discovered ways to disable the notifications that Background Task Manager sends to the user. One method requires root access, meaning the threat actor needs full control of the Mac to disable the alert, but Wardle found two other methods that can be deployed remotely. That makes it much easier for an attacker to disable the notifications and allows the malware to run unnoticed.
Wardle has a wide knowledge of Mac security and is quite familiar with persistent events, having developed a free notification tool called BlockBlock for the Mac through his Objective-See foundation. “[Background Task Manager is] a good thing for Apple to have added, but the implementation was done so poorly that any malware that’s somewhat sophisticated can trivially bypass the monitoring,” said Wardle, who had found problems with Background Task Manager when it was first released with macOS Ventura.
Apple has not commented on Wardle’s findings, which have not been fixed. Usually, researchers release findings after the problem has been addressed in a system update. But Wardle said that he had already notified Apple prior to Defcon.
The easiest thing you can do to protect yourself is to update to the latest version of macOS whenever possible. Apple releases security patches through OS updates, so it’s important to install them when they are available.
The other way to protect yourself is to download software only from trusted sources, such as the App Store (which makes security checks of its software) or directly from the developer. Malware is often disguised as legitimate software and is distributed through email or on the web through forums and software sites that are not vigilant about security.
Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.