Ethical hackers, individuals who intentionally crack into systems and then tell the parties concerned to fix the flaws that they identify, have repeatedly shown that when it comes to security breaches, even the famed Apple Inc. (NASDAQ:AAPL) Macs are not an exception.
They have repeatedly shown that despite the fact that Apple has in place a hired team of experts whose work is to make sure that applications that have not been approved do not find their way into your Mac, it is actually possible to break the security wall.
The person who has been on the forefront demonstrating this damning revelation is Patrick Wardle, a man who used to analyse complex systems at the NSA but now does a lot of research about malware at a company called Synack.
Mr. Wardle has been consistent in his exposé of what he calls security lapses in the security architecture of the Mac. At first he has showed that it is actually possible to pack malware together with set of genuine software and successfully deliver the deadly package to a Mac. He says that the team tasked with the responsibility of keeping the security of your Mac are concerned with checking the signature of only the first few software sets that make up a tranche.
What this means is that if an attacker carefully packages deadly software together with the genuine software that has been approved for your Mac by Apple, chances are that even the malware may find its way into your Mac and actually carry out the deadly commands that it has been coded to do.
Once the malware has been successfully installed into your Mac, it allows an attacker to do all manner of wicked things on your machine. An attacker can simply record the calls that you make on Skype. Worse still, an attacker can easily spy on you and get all the important and private information about you.
Interestingly, Apple has not responded to what Wardle says about the security system of the Mac. But according to Wardle, every time Apple realised that he had managed to sneak malware into one of its Macs, the Apple guys would easily push to blacklist the entire software code.
This, according to Wardle, does not entirely solve the problem. Attackers can easily wait for a few minutes and re-launch their attack using a different package of software that looks harmless but actually has poison in the form of malware embedded deep inside.
