Mac Security: not what you think.
The misconception about Mac security.

By: AiroAV (Airo Security)

March 24th, 2019

Myths and misconceptions regarding Mac security are far from rare among Mac users. Back when Macs were not as widespread as they are today, we were told that due to their small market share, our beloved Macs were targeted less by attackers, hence more secure. But that was a long time ago. And a lot has changed since.

Despite growing Mac popularity and sales, this outdated belief has somehow survived. The ignorant consumer lives in a fairytale world, under the impression that OSX products are completely safe and protected.

This false ‘safe-by-default’ fantasy leads to complacency and prevents users from taking the necessary precautions to not become an easy target for hackers.

So, let us shatter some myths about Mac protection. Take a seat and lean back, because this article is going to change the way you think about your Mac security.

#1 Myth: I’m not important enough to be attacked.

Let’s start off with a popular opinion among ‘common folks’ which has nothing to do with widespread hacking techniques. People tend to believe that hackers are only interested in targeting big organizations like banks and governmental institutions. Or individuals that hold an important position, or own a significant fortune. This belief leads to the wrong mindset of “it won’t happen to me”.

Fiction: Malware attacks are targeted only at high-level individuals and institutions.

Fact: No one is safe. Any easy target is attractive for attackers.

Even an ordinary person, like you or me, can become a target of phishing, distributed malicious code or any other attack; in fact, ordinary people are the most common targets. Hard to believe? Well, Fruitfly’s victims thought the exact same thing. Fruitfly, a malware designed for Mac OS that went undetected for years, managed to gain access to users’ webcams, desktops, and microphones. The malware relied on port scanning to find exposed remote access ports with weak passwords or no passwords at all.

The Fruitfly case taught us that there’s no fish too small to be targeted directly. In fact, without any regulation on their network activities, common unsuspecting users are even more vulnerable to attacks than the so-called high-level individuals and institutions. Without any form of protection, the chance that users detect such attacks is minimal. Users won’t have a clue about the attack until the damage is done.

#2 Myth: By browsing cautiously, I keep my Mac safe from external dangers.

Fiction: By only downloading apps from the App Store, and solely browsing ‘safe’ websites, I’m keeping my Mac isolated and protected from attacks. Hence, all traffic that passes through my Mac is safe and secure.

Fact: Let us burst your bubble: as long as your Mac is connected to the Internet, traffic goes through public servers, meaning you are not safe.

The most elementary example is the DNS server. Every time you type a URL in the address bar, an external DNS server translates your request from “human language” to an IP address, so network components can process it and deliver the requested website. Since almost any browsing event is mediated by a DNS server, it quickly became a favorite hijack target. By messing with the DNS server configuration and setting up a new “DNS” address, attackers will redirect your Mac to their own server, enabling them to intercept encrypted communication, steal credentials, take screenshots, inject ads and download/upload files. A known case of DNS hijacking is OSX/MaMi, a malware specifically targeting Mac OS users.
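A defender's check for the resolver change described above, as an added example that is not part of the original article: it reads the text printed by macOS's scutil --dns and reports any nameserver that is not on a list you expect. The function names, the router address 192.168.1.1 and the sample output (which uses 203.0.113.x documentation addresses) are assumptions constructed for illustration.

```shell
# Added example: flag DNS resolvers that are not on an expected list.
# On a Mac: scutil --dns | audit_dns 192.168.1.1

# Print each distinct resolver address found in `scutil --dns` text on stdin.
list_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# audit_dns ALLOWED_IP...: report resolvers outside the list; returns 1 if any.
audit_dns() {
    unexpected=""
    for ns in $(list_nameservers); do
        ok=0
        for allowed in "$@"; do
            if [ "$ns" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then unexpected="$unexpected $ns"; fi
    done
    if [ -n "$unexpected" ]; then
        echo "unexpected DNS resolvers:$unexpected"
        return 1
    fi
    echo "all resolvers expected"
}

# Constructed sample of `scutil --dns` output after a resolver change.
# 203.0.113.x are documentation addresses, not real indicators.
sample_hijacked() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 203.0.113.54
  if_index : 6 (en0)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
EOF
}

# Demo: the home router (192.168.1.1, assumed) is the only expected resolver.
sample_hijacked | audit_dns 192.168.1.1 || true
```

The non-zero return status lets the check run from a scheduled job that alerts only when a resolver outside the list appears.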


#3 Myth: Macs are more secure by definition.

You would think that vulnerabilities start at the network level, the moment your Mac contacts external devices or networks. Wake up! In most cases, the exposure comes from within. Let’s take a deeper look at existing flaws on the most basic level: your hardware.

Fiction: Mac hardware and Mac OS firmware are inherently more secure than those of other platforms.

Fact: Apple components are not always immune to exploitation.

Take for instance the Meltdown and Spectre cases: two critical vulnerabilities in Intel processors, which Apple uses in Mac computers. Exploits of these vulnerabilities were able to access privileged memory containing passwords and other sensitive personal data. Remember, cyber exploits come in many different colors and shapes. And at every level.

#4 Myth: Browsing exclusively with Apple’s official browser, Safari, will keep the predators away.

Next up: Safari. An application running on the very same Mac OS.

Fiction: Safari is an official Apple software product. Therefore, it’s immune to attacks, manipulation or abuse.

Fact: Well, not exactly. Even though Apple issues patches in case a breach is discovered, those updates are not released instantaneously. In the meantime, you are browsing unprotected.

Let’s take the OSX/Shlayer malware example. Disguised as an Adobe Flash Player update, this malware installs a browser configuration profile which allows it to take over the Safari homepage and search settings. And not only does it preclude the user from reverting the settings, but it also installs malicious Safari extensions (like Chumsearch) and downloads unrequested applications (like Advanced Mac Cleaner).

#5 Myth: No place is as safe as the Mac App Store.

Many Mac users consider the App Store the safest place for trustworthy downloads. But is it really?

Fiction: The Mac App Store is a safe haven, free of infected apps.

Fact: You would think that Apple’s app review process makes the Mac App Store trustworthy, right? Unfortunately, this precaution alone is not enough to keep your Mac safe.

Once the user grants the necessary permission, apps downloaded from any source (including the App Store) get access to the user’s home directory. Take Adware Doctor, for example: once installed on users’ Macs, this app creates password-protected zip files and sends them out to Chinese servers. Those files contain browsing history, as well as a list of all running apps on your Mac. All without any prior user consent.

