16 comments

[ 0.96 ms ] story [ 50.1 ms ] thread
It's almost like deliberately running malicious code is bad for your PC.
Or someone you lend your PC to for a few minutes
... so long as you give them administrative privileges.
Is loaning your laptop to nefarious characters something you do frequently? Pretty much the only time I've ever "loaned" my laptop to someone, it was a co-worker who used it for a presentation, projected on the wall, with me and a room full of other colleagues watching everything they do. When it's not a co-worker presenting, it's my wife.
Are you implying you (or anybody) can somehow verify the intentions of any macOS app?

You should publish.

I can verify that running random executables you receive in email is a bad idea, as is downloading apps from untrusted sources. I don't think this is groundbreaking or worthy of publishing in a reputable journal.
(comment deleted)
You've missed the point. "Trusted", signed applications can do the same things this PoC did.
Recently CCleaner was hacked to distribute infected versions through it's updating mechanism.

It sure would be nice if gaining a foothold on my computer didn't instantly mean gaining complete control over al my credentials.

Encrypt your credentials at rest and aggressively purge them from memory when any are decrypted.
The idea (and assumption) was that the macOS Keychain app does encrypt my credentials at rest (and allows access only after express user permission).
For sure, Apple should fix this bug, and presumably they will. Some basic app hygiene greatly reduces the risk though.
Thats a straw man argument the comment you are replying to specifically said "verify the intentions of any macOS app".

If you disagree with his argument perhaps you could give an actual counter argument?

That comment itself was a straw man. Obviously the answer is no, no one can solve the halting problem and verify the intentions of any arbitrary app.
It's almost like malicious code can come from trusted or unexpected sources. (Yes, the examples of infection paths in the article aren't very creative, that doesn't mean local exploits are irrelevant)