The DEF CON 2022 cybersecurity conference was held in mid-August, and as usual there were some great Apple-focused presentations at the event. DEF CON is a convention put on by security experts, for security experts. As such, the talks tend to be highly technical. Nevertheless, they always contain important information for everyday computer users and people with a general interest in cybersecurity. Here are some highlights from the Apple security talks at this year’s DEF CON - along with key takeaways from SecureMac’s leadership team:

Process injection vulnerabilities on macOS

Security researcher Thijs Alkemade gave a talk entitled “Process injection: breaking all macOS security layers with a single vulnerability.” The focus of the presentation was CVE-2021-30873, a vulnerability discovered by Alkemade and patched by Apple as of macOS Monterey 12.0.1.

The vulnerability has to do with the way macOS apps save their state when a user shuts down their system or when an app has been inactive for some time. As macOS users are no doubt aware, when you shut down a Mac, it gives you the option to reopen all of your app windows when you log back in again. To make this possible, the OS has a functionality that saves the current state of each app whenever a user selects this option. That state data gets stored in several locations on macOS. But as Alkemade discovered, one of those locations was still using a vulnerable method of data encoding that could have allowed a malicious actor to execute a “process injection” attack.

Glossing over the details a little, process injection is when a process is allowed to run code inside of another process. The saved state vulnerability meant that a bad actor could save a bit of malicious code in the vulnerable data storage location and then have it run by a trusted process, with that process’s privileges. As Alkemade demonstrated, this could have led to a macOS App Sandbox escape, privilege escalation, or a System Integrity Protection bypass. A bad guy with a high level of access, noted Alkemade, would be able to read protected files, access the webcam and microphone, or install persistent malware on the system.

“The lesson here is that given enough time and resources, there will almost always be a way for an attacker to get a machine to do their bidding,” says SecureMac’s Principal Malware Research Engineer Israel Torres. “That’s why it’s so necessary to have dedicated third-party oversight to watch for these types of attacks - and to help alert the system and its users of attempted compromises.”

PACMAN and the M1 Mac

Joseph Ravichandran, a PhD student from MIT, presented “The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks.” The talk was based on a paper published by Ravichandran and his co-researchers at MIT’s Computer Science & Artificial Intelligence Laboratory (Weon Taek Na, Jay Lang, and Mengjia Yan).