An Apple malware-flagging tool is “trivially” easy to bypass

Apple recently unveiled an update to its built-in malware-detection system, but a new research report shows the tool can be bypassed with relative ease. The tool, XProtect, is developed by Apple to protect Mac users from malicious software and malicious websites.

However, researchers from security firm Synack have found a way to bypass the XProtect mechanism “trivially,” by creating a malicious file that appears to be a normal file and making a slight change to the file’s name. This change causes the XProtect system to miss the malicious code, allowing the software to run without raising any alarms.

In a blog post about the research, Synack said it had reported the bypass to Apple and had received a response from the company, although the response did not include any details. In its post, Synack pointed out the issue with XProtect: “The issue here is that XProtect is not updated as frequently as other real-time antivirus solutions, so bypassing it can make an attacker confident that their malicious software package will reach users uninterrupted.”

The bypass is concerning, but it’s worth noting that XProtect detects only specific, known malware, and the file modified to evade it would still need to be manually downloaded to a user’s computer before it could be run. This provides a potential layer of defense, and users should still rely on antivirus software from a reputable third-party provider.

At the same time, Apple should consider updating XProtect more frequently to ensure that users are not vulnerable to this type of attack. As the world becomes increasingly digital, we need to ensure our devices are secured as well as possible, and XProtect needs to play its part in this.
