The increasing use of Apple Inc.’s AAPL Macs in corporate environments is drawing the attention of hackers, who are developing more sophisticated cross-platform tactics to exploit the Mac’s security vulnerabilities.
What Happened: The Mac’s reputation for robust security is both a valuable asset and a growing concern as more companies adopt the platform. The Transparency, Consent, and Control or TCC framework, a key part of macOS’s security architecture, is being manipulated by hackers to make Macs more susceptible to attacks, reported AppleInsider, citing Interpres Security’s findings.
According to the findings, the TCC framework, designed to protect user privacy by managing app permissions, has vulnerabilities that can be exploited for unauthorized access to the system. This has led to an increase in attacks on corporate users, such as developers and engineers, using tactics like social engineering.
Despite Apple’s efforts to address these issues through security updates, hackers, including the Lazarus Group, associated with Kim Jong Un-ruled North Korea, continue to focus on Macs in corporate environments.
Another potential attack vector is Finder, which has access to Full Disk Access by default without appearing in Security & Privacy permissions, remaining hidden from users. If Terminal access is granted to Finder, it becomes permanent unless manually revoked, allowing an actor to exploit Finder to gain control over the Terminal and secure disk access, the report noted.
Why It Matters: Last year, it was reported that Russian hackers had a new tool that could give full access to all the contents on Apple’s MacBooks, iMacs, and other Mac devices. This tool was up for sale for $60,000 at the time, indicating the growing interest of threat actors in exploiting Mac vulnerabilities.
Subscribe to the Benzinga Tech Trends newsletter to get all the latest tech developments delivered to your inbox.
As the use of Macs in corporate environments continues to rise, it is crucial for companies to implement specific strategies to protect their systems from TCC abuse. These include keeping System Integrity Protection on, updating the operating system to address vulnerabilities and implementing the principle of least privilege to limit user and application access rights.
It is also essential to conduct regular security awareness training to educate users about phishing attempts and other common tactics used in social engineering attacks. This is particularly important as systems are only as secure as their weakest link, which is often human error, the report stated.
Check out more of Benzinga's Consumer Tech coverage by following this link.
Disclaimer: This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
