Ex NSA Hacker Finds Security Flaw in macOS
Dr. Alexander Fleming famously discovered penicillin by accident.
He found the mold growing in his lab, leading to one of the greatest advances in human history -- a cure for deadly infectious diseases. That's like Patrick Wardle's story -- without the mold.
The software security expert accidentally copied the wrong code and discovered a bypass to "do a lot of malicious stuff" to Apple products. Here's how it happened.
Accidental Discovery
Wardle, a former National Security Agency hacker, was testing an old macOS attack. He copied and pasted the wrong code, and ran it.
To his surprise, it allowed him to post synthetic clicks to security alerts. Basically, it bypassed Apple security and opened the door for malicious attacks.
"The ability to synthetically interact with a myriad of security prompts allows you to perform a lot of malicious actions," he told Ars Technica. "Many of Apple's privacy and security-in-depth protections can be trivially bypassed."
Wardle demonstrated the problem at a Def Con hacker convention in Las Vegas. Ars Technica said he exposed "a major shortcoming" in the macOS.
"Almost Embarrassed"
As the developer of the Objective-See Mac tools, Wardle informed Apple of the security issue. He said he wasn't trying to find a bypass.
But it happened, and it wasn't hard to do. He said it raises questions about the company's foundational security mechanism.
"If a security mechanism falls over so easily, did they not test this?" he asked. "I'm almost embarrassed to talk about it."
Related Resources:
- Use Tech to Make Client Payment Plans Safe and Easy (FindLaw's Technologist)
- Forget Russian Spies; There Could Be One in Your Office (FindLaw's Technologist)
- Shocker -- Hackers Can Zap Pacemakers (FindLaw's Technologist)