

Mac OS X security flaws IT should know about

If you support Macs in your company it's important to remember that OS X has security flaws just like the Windows operating system.

Hackers have set their sights on Apple's OS X with the same enthusiasm they have for Windows. As vulnerabilities in the Mac operating system come to light, it's clear that IT administrators have something to be concerned about.

Many Mac users think they're less vulnerable to malware than Windows users, so they're sometimes less savvy about protecting their systems. And administrators might not be as prepared to handle Macs as they are Windows computers.

But one of the biggest issues with OS X going forward will be malware and security. Cybercriminals are paying more attention to OS X, and according to Mitre's Common Vulnerabilities and Exposures (CVE) List, OS X has seen its fair share of problems.

Consider the first release of Yosemite (OS X 10.10). Unbeknownst to most users, the OS contained flaws that left the system vulnerable. For example, the Apple ID OD plug-in allowed attackers to change users' passwords, and the IOGraphics component let attackers execute code or carry out denial of service (DoS) attacks. Fortunately, the August 2015 Yosemite 10.10.5 update fixed these and many other flaws, but Mac computers were left vulnerable before the fixes were in place.

El Capitan to rescue Mac OS X security?

Apple released El Capitan (OS X 10.11) in September 2015. As with its predecessors, this release addressed a number of security flaws that were either unknown or not fixed in the Yosemite 10.10.5 update. There were issues that affected a wide range of components, such as bash, Certificate Trust Policy, CFNetwork, HTTP Protocol, Finder, IOGraphics, PHP and the kernel.

El Capitan was supposed to address scores of security concerns found in its predecessor. But despite Apple's efforts to secure the new OS, El Capitan still came with a significant number of its own vulnerabilities that affected components such as Core Text, CFNetwork and Security Agent. Once again, the kernel had its fair share of vulnerabilities. For example, an attacker with privileged network access could potentially execute code, or a malicious app might be able to overwrite files or launch DoS attacks. According to Apple and the CVE List, however, the El Capitan 10.11.1 update addressed all publicly known issues.

The key words there are "publicly known." Apple does not disclose any details about Mac OS X security vulnerabilities until it has released a patch to fix them. As a result, IT teams have no idea what other gaps might be lurking until an update is available.

What El Capitan fixes

Perhaps the most notable change in El Capitan is System Integrity Protection, a new security technology that helps prevent malicious software from modifying protected folders and files. Previously in OS X, Apple placed no permission restrictions on the root user account, so it could access any system folder or application. If an administrator entered his username and password when installing software, that software gained root access to the system. This could open the door for malware, especially if the account's password was compromised.

With System Integrity Protection, malware now has a tougher time gaining access. It restricts the root account and limits what actions the account can perform. It also prevents the account from being able to make changes to select system folders. Now only certain processes are allowed to modify the protected parts of the system.

El Capitan also comes with an updated two-factor authentication system. Two-factor authentication is not new in OS X, but Apple revamped the system to make it more secure and easier to use. The system no longer requires a recovery key to gain access to an account, should all else fail. Prior to El Capitan, dealing with a lost recovery key could be a very painful process for users. Sometimes users had to abandon their Apple ID altogether, which was a considerable productivity loss for users trying to conduct business on their Apple devices. Now Apple's customer support can help the user get back on track.

El Capitan also adds App Transport Security (ATS) to the OS, which enforces secure connections between an application and its back end. ATS is enabled by default, and it requires applications that would otherwise connect over plain HTTP to use HTTPS instead, which helps protect data in transit from interception and tampering.
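ATS is enforced per application, and an app can opt out of it in its Info.plist. The script below is an added example, not code from the article or from Apple: it audits an Info.plist for the two common opt-outs, a global NSAllowsArbitraryLoads set to true and per-domain NSExceptionAllowsInsecureHTTPLoads entries under NSExceptionDomains (these are Apple's documented ATS keys, which the article does not name). The two plists it writes are constructed samples, one weak and one that leaves ATS enforcing.

```shell
#!/bin/sh
# Added example (not from the article): audit an app bundle's Info.plist for
# App Transport Security opt-outs. The two plists written below are
# constructed samples; the keys themselves are Apple's documented ATS keys.

# Returns 0 when ATS stays enforced, 1 when the plist switches it off globally
# (NSAllowsArbitraryLoads followed by <true/>). Argument: path to Info.plist.
ats_enforced() {
  awk '
    /<key>NSAllowsArbitraryLoads<\/key>/ { pending = 1; next }
    pending && /<true\/>/                 { found = 1 }
    { pending = 0 }
    END { exit found ? 1 : 0 }
  ' "$1"
}

# Prints each NSExceptionDomains entry that allows plain HTTP
# (NSExceptionAllowsInsecureHTTPLoads set to true), one domain per line.
ats_insecure_domains() {
  awk '
    /<key>NSExceptionDomains<\/key>/ { in_ex = 1; depth = 0; next }
    in_ex && /<dict>/                 { depth++ }
    in_ex && /<\/dict>/               { depth--; if (depth <= 0) in_ex = 0 }
    in_ex && depth == 1 && /<key>/    { gsub(/.*<key>|<\/key>.*/, ""); domain = $0 }
    in_ex && depth == 2 && /<key>NSExceptionAllowsInsecureHTTPLoads<\/key>/ { want = 1; next }
    want && /<true\/>/                { print domain }
    { want = 0 }
  ' "$1"
}

# Constructed sample: ATS disabled globally plus a per-domain HTTP exception.
write_weak_plist() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.example.legacyapp</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>legacy.example.com</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
EOF
}

# Constructed sample: ATS left at its enforcing default (key explicitly false).
write_hardened_plist() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.example.app</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
  </dict>
</dict>
</plist>
EOF
}

# Usage: write both samples and report on each.
WEAK=$(mktemp); HARDENED=$(mktemp)
write_weak_plist "$WEAK"
write_hardened_plist "$HARDENED"
for f in "$WEAK" "$HARDENED"; do
  if ats_enforced "$f"; then echo "$f: ATS enforced"; else echo "$f: ATS disabled globally"; fi
  ats_insecure_domains "$f" | sed "s|^|$f: plain HTTP allowed for |"
done
rm -f "$WEAK" "$HARDENED"
```

Point the two functions at the Info.plist inside an app bundle (Contents/Info.plist) to review what an app is shipping; a global opt-out should be treated as ATS being off for that app, while per-domain exceptions narrow the exposure to the listed hosts.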

Other El Capitan concerns

Apple's El Capitan 10.11.1 update fixed some security issues, but it might have left a couple unresolved. The first lingering security gap in OS X is related to Gatekeeper, a utility that verifies the origin and integrity of Mac software. The OS might be vulnerable to malware and compromised passwords because of a security flaw in Gatekeeper. Another issue appears to be with Keychain, the OS X password management system. There is a hole in the system that could allow unauthorized applications to steal or delete protected data.
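For an administrator, the practical follow-up to the System Integrity Protection and Gatekeeper discussion above is a quick posture check on each Mac: is the OS at 10.11.1 or later, is SIP enabled, and are Gatekeeper assessments on. The script below is an added example, not code from the article or from Apple. It parses the output of three tools that ship with OS X (sw_vers -productVersion, csrutil status and spctl --status); each parser takes the command output as text so the script also runs offline against the constructed sample strings, and the output formats assumed ("System Integrity Protection status: enabled." and "assessments enabled") are those tools' normal one-line replies.

```shell
#!/bin/sh
# Added example (not from the article): OS X posture check for OS version,
# System Integrity Protection and Gatekeeper. Parsers take command output as
# text so they can be exercised against the constructed samples below;
# run_live() feeds them real output on a Mac.

# Returns 0 if dotted version $1 is at least $2 (e.g. 10.11.2 >= 10.11.1).
# Sorts the two numerically field by field; if the minimum sorts first, $1 passes.
version_at_least() {
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$2" ]
}

# Parses `csrutil status` output. Returns 0 if SIP is enabled.
sip_enabled() {
  printf '%s\n' "$1" | grep -qi 'System Integrity Protection status: enabled'
}

# Parses `spctl --status` output. Returns 0 if Gatekeeper assessments are on.
gatekeeper_enabled() {
  printf '%s\n' "$1" | grep -q '^assessments enabled'
}

# Prints one line per check and returns the number of failed checks.
posture_report() {
  ver=$1; sip=$2; gk=$3; failed=0
  if version_at_least "$ver" "10.11.1"; then echo "OK   OS X $ver (10.11.1 or later)"
  else echo "FAIL OS X $ver is older than 10.11.1"; failed=$((failed+1)); fi
  if sip_enabled "$sip"; then echo "OK   System Integrity Protection enabled"
  else echo "FAIL System Integrity Protection disabled"; failed=$((failed+1)); fi
  if gatekeeper_enabled "$gk"; then echo "OK   Gatekeeper assessments enabled"
  else echo "FAIL Gatekeeper assessments disabled"; failed=$((failed+1)); fi
  return $failed
}

# On a Mac, feed the live output of the three built-in tools.
run_live() {
  posture_report "$(sw_vers -productVersion)" "$(csrutil status 2>&1)" "$(spctl --status 2>&1)"
}

# Constructed samples standing in for tool output on a current machine and
# on one that is lagging behind.
SAMPLE_OK_VER="10.11.1"
SAMPLE_OK_SIP="System Integrity Protection status: enabled."
SAMPLE_OK_GK="assessments enabled"
SAMPLE_BAD_VER="10.10.5"
SAMPLE_BAD_SIP="System Integrity Protection status: disabled."
SAMPLE_BAD_GK="assessments disabled"

if command -v csrutil >/dev/null 2>&1; then
  run_live || echo "  -> $? check(s) failed"
else
  posture_report "$SAMPLE_OK_VER" "$SAMPLE_OK_SIP" "$SAMPLE_OK_GK" || echo "  -> $? check(s) failed"
  posture_report "$SAMPLE_BAD_VER" "$SAMPLE_BAD_SIP" "$SAMPLE_BAD_GK" || echo "  -> $? check(s) failed"
fi
```

The exit status of posture_report is the count of failed checks, so the script can be dropped into an inventory or management tool that records non-zero results per machine; a SIP or Gatekeeper "disabled" finding is the one to chase first, since both are the controls the article credits with keeping malware away from protected system paths and unverified software.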

Although these two issues carry their own level of risk, perhaps the bigger concerns with El Capitan are all the unknown issues that are waiting in the wings, whether Apple is already aware of them or not.
