Researcher claims Mac’s malware-flagging tool is ‘trivially easy’ to bypass



Apple includes a number of built-in tools to keep the best MacBooks safe from malware, but a security researcher is now claiming that one of them can be easily bypassed by hackers.

As reported by 9to5Mac, the iPhone maker first introduced its malware-flagging tool Background Task Manager as part of macOS Ventura last year. The tool is designed to notify you when Mac malware installs itself in such a way that it can remain persistent on your computer.

Now though, in a presentation at Defcon, security researcher Patrick Wardle has detailed several vulnerabilities in Background Task Manager that make the tool not nearly as effective at flagging malware as Apple originally claimed it would be.

In a discussion with Wired after his presentation, Wardle explained that he discovered some issues with the tool that lead “persistence event notifications to fail.” While he reported these issues to Apple and the company fixed them, Wardle claims that “deeper issues with the tool” weren’t identified.

Although hackers have yet to leverage the flaws in Background Task Manager in their attacks, now that Wardle has shed light on them, they could soon be used to install persistent malware on vulnerable Macs.

Apple’s built-in malware protection

Just like Microsoft does with Windows Defender on its PCs, Apple also includes built-in malware protection with every Mac it sells.

For starters, every app uploaded to the Mac App Store is vetted for malware while Gatekeeper in macOS ensures that any app you install is signed by an approved developer. From here, XProtect scans your Mac for malware using signature-based detection and blocks it from running on your computer.

As is the case with the best antivirus software, Apple frequently updates XProtect so that it can identify new malware strains and variants. However, last year, the company introduced Background Task Manager to search for persistent malware on its computers.

As the name suggests, persistent malware is a type of malware that can continue running on your computer in the background. While you can find and try to remove malware, if an attacker has achieved persistence on your Mac, their malware will remain on…