safety – Michmutters

A Single Flaw Broke Every Layer of Security in MacOS

Every time you shut down your Mac, a pop-up appears: “Are you sure you want to shut down your computer now?” Nestled under the prompt is another option most of us are likely to overlook: the choice to reopen the apps and windows you have open now when your machine is turned back on. Researchers have now found a way to exploit a vulnerability in this “saved state” feature—and it can be used to break the key layers of Apple’s security protections.

The vulnerability, which can be exploited with a process injection attack to break macOS security, could allow an attacker to read every file on a Mac or take control of the webcam, says Thijs Alkemade, a security researcher at Netherlands-based cybersecurity firm Computest who found the flaw. “It’s basically one vulnerability that could be applied to three different locations,” he says.

After deploying the initial attack against the saved state feature, Alkemade was able to move through other parts of the Apple ecosystem: first escaping the macOS sandbox, which is designed to limit successful hacks to one app, and then bypassing System Integrity Protection (SIP), a key defense designed to stop unauthorized code from accessing sensitive files on a Mac.

Alkemade—who is presenting the work at the Black Hat conference in Las Vegas this week—first found the vulnerability in December 2020 and reported the issue to Apple through its bug bounty scheme. He was paid a “pretty nice” reward for the research, he says, although he refuses to detail how much. Since then Apple has issued two updates to fix the flaw, first in April 2021 and again in October 2021.

When asked about the flaw, Apple said it did not have any comment prior to Alkemade’s presentation. The company’s two public updates about the vulnerability are light on detail, but they say the issues could allow malicious apps to leak sensitive user information and escalate privileges for an attacker to move through a system.

Apple’s changes can also be seen in Xcode, the company’s development workspace for app creators, a blog post describing the attack from Alkemade says. The researcher says that while Apple fixed the issue for Macs running the Monterey operating system, which was released in October 2021, the previous versions of macOS are still vulnerable to the attack.

There are multiple steps to successfully launching the attack, but fundamentally they come back to the initial process injection vulnerability. Process injection attacks allow hackers to inject code into a device and run code in a way that’s different from what was originally intended.

The attacks are not uncommon. “It’s quite often possible to find the process injection vulnerability in a specific application,” Alkemade says. “But to have one that’s so universally applicable is a very rare find,” he says.

The vulnerability Alkemade found is in a “serialized” object in the saved state system, which saves the apps and windows you have open when you shut down a Mac. This saved state system can also run while a Mac is in use, in a process called App Nap.


Roof security concerns flagged years before weekend escape from Malmsbury Youth Justice Center

Victorian youth justice management rejected internal recommendations to upgrade the security of the unit two young men escaped from at the Malmsbury Youth Justice Center over the weekend, the ABC has learned.

Two young men smashed through the plaster ceiling of their cells in the admissions unit and escaped through the roof cavity of the youth prison north-west of Melbourne on Saturday night.

They were caught by police on Monday.

The 22-year-old escapee will face court on Tuesday after he was arrested in Corio, near Geelong, while the 19-year-old was sent to adult prison and will face court again in September.

The unit is not surrounded by a secure fence.

The ABC understands concerns were raised in 2019 about poor security of the admissions unit, which is an older building in the precinct.

There have been multiple reported attacks on staff at the Malmsbury Youth Justice Center in the past few weeks. (abcnews)

Internal recommendations were made to upgrade security and infrastructure of the unit, including the ceiling and roof due to risk of escape.

The ABC understands the recommendations were ultimately rejected by management.

The ABC has reported extensively on serious assaults of staff and young people at Malmsbury.

In the past six weeks, staff have reported being assaulted, threatened, spat on, and having suspected urine thrown at them. One young man threw hot water and honey at another inmate which landed on the side of a staff member’s face.


Homeless man tackled by SA Premier’s security during press conference vows to fight charges

A homeless man who was tackled to the ground and arrested in front of the South Australian Premier at a press conference in Adelaide says he feels he was unfairly targeted by police.

Aaron John Rudd, 54, was arrested during a scuffle with security at a press conference held by Peter Malinauskas on Hutt Street in Adelaide on June 30.

A plain-clothed police officer asked him to move back because he was getting too close to the Premier.

Mr Rudd was then escorted away by Mr Malinauskas’s security detail and handcuffed face-down on the pavement in scenes that were captured on camera by the gathered media.

Mr Rudd, who arrived at the Adelaide Magistrates Court today with a guitar, is charged with disorderly behavior and resisting police.

After his court hearing, he told the media he meant no harm when he moved closer to the press conference to see what was going on.

“I was just passing by and was curious to watch, see what it was about,” he said.

“I feel very much that I was unfairly targeted.

“I just think it was maybe the ignorance of the police officer, he should be trained better to be more diplomatic about these situations, it’s not the way to handle a situation like that.

“People like that they should be a bit more professional, treat the public with a bit more dignity and respect.”

Mr Rudd was handcuffed face-down on the pavement on June 30. (abcnews)

Mr Rudd said he used to be a full-time carer and has been living on the streets since losing his job and felt passionately about advocating for the rights of disadvantaged people.

“I’m very compassionate and very passionate about street people,” he said.

“These people have a heart and I care for them, I like being around them.”

Mr Rudd said he did not know who Mr Malinauskas was, but felt it was his right to “bear witness” at the press conference.

He said the police officer and security detail were “aggressively intimidating” towards him and he tried to defend himself.

“I pushed him, I met him with equal resistance. I was not charged with assault because, as I said to them, this will reflect in footage,” Mr Rudd said.

When asked by reporters if he might write a song about what happened, he said “maybe one day” and that it would be called “freedom for the people, a right to witness.”

The court case was adjourned to October.


Orlando residents react to downtown shooting injuring 7 people


Orlando Police are looking for the person who shot into a crowd in downtown Orlando early Sunday morning.

Seven people were hurt but are expected to recover.

It happened in the area of Wall Street Plaza and South Orange Avenue at around 2 a.m.

Police say a large fight broke out as the bars and restaurants were closing. They say that’s when someone pulled out a gun and opened fire hitting seven people.

“And seven people, especially in the crossfire is bad. It’s bad,” Martin Carmona, a resident said. “I think it’s just crazy because this block is always shut off. There’s always a lot of cops and stuff, so like so just to know it happened right here is pretty insane.”

“Just the fact that that was even able to happen, it’s pretty unreal, but the way things are now it’s not really too surprising I guess,” Nico Zografakis, a resident said.

Orlando Police Chief Eric Smith says detectives are actively looking for the person who pulled the trigger and are checking surveillance cameras.

“Please, we really need the community’s help on this, so please reach out to us if you have any information in reference to this shooting,” Smith said.

Detectives were collecting evidence past sunrise.

“It’s very unsettling and definitely could’ve been avoided,” William Solomon, a resident said.

Some people who frequently visit downtown Orlando are reconsidering going out when there are large crowds.

“Like that’s why I came out so early today. I’m like yo, let me go when it’s dead as opposed to when you feel like a sardine out here because anything can happen,” Solomon said. “Things like this shouldn’t be happening right now. I think we all should try to come together.”

Police say six of those that were shot were sent to a nearby hospital. The other one went to the hospital by themselves.

Police are asking for the community’s help to find the suspect.


Cybercrime is evolving — here’s how a cybersecurity expert recommends you keep safe

Paul Haskell-Dowland has been in the cybersecurity education and research domain for two decades — and he is on a mission to teach the rest of us how to stay safe online.

It’s a significant job for the Professor of Cyber Security Practice at Edith Cowan University.

The cost of cybercrime in Australia is incredibly high, although the figure is likely even greater than the reported data suggests.

Cybercriminals operate in very sophisticated environments. (Supplied: Paul Haskell-Dowland)

“It was estimated [a couple of years ago] that the global cost of cybercrime … was going to hit the $1 trillion mark, and I believe it has passed that,” he said.

“It’s very hard to get an accurate indication of these figures, because so much of the cybercrime goes unreported.”

Professor Haskell-Dowland, who is also Associate Dean for Computing and Security, said that for many people, their only insight into the world of cybercrime was what was portrayed in movies like Hackers, and even the Die Hard franchise.

“If we go back a few years and think about the Hollywood impression of cybersecurity, it was criminals in darkened rooms, sitting behind a keyboard, usually with a hoodie and tapping away at a computer and hacking into systems,” he said.

“We’ve had that glamorized view of cybercrime or cybersecurity for many, many years.”

Criminals increasingly sophisticated

Professor Haskell-Dowland said this portrayal was not entirely accurate and, in reality, cyber threats come from far more organized operations, which are “incredibly well-resourced”.

“This is a global network of cybercriminals, engaging in very significant levels of crime,” he said.

“We’ve seen cybercriminal groups who are incredibly well organised, are reporting profits of hundreds of millions of dollars … so they’re competing with large multinational corporations.”

With this high level of sophistication, individuals were becoming increasingly susceptible to attacks.

Cybercrime is estimated to be a trillion-dollar industry. (Supplied: Paul Haskell-Dowland)

“It’s not just targeting one person, it could be targeting 100,000 people in just a click of a mouse, or a few key presses,” Professor Haskell-Dowland said.

He said there was an array of ways individuals could be compromised by this kind of activity.

“Sometimes it’s things like scams, but we also hear about things like ransomware, where people’s computers are taken over and their data or files are stolen or encrypted in a way that prevents them from accessing them, and then being forced to pay fines to recover that data,” he said.

“For the past few years, identity theft has been something that has raised alarm bells and people often see things like card-skimming being a bit of an issue.”

How to protect yourself

Professor Haskell-Dowland said there were several relatively simple ways individuals could protect themselves against cybercriminals.

He said the first involved looking at the “boring subject” of their password practices, which he said was of paramount importance.

Professor Haskell-Dowland says you should never use the same password for multiple accounts. (Supplied: Paul Haskell-Dowland)

“People find a password that meets the criteria, and then they reuse them on multiple systems, and that would be fine if all of the systems that they used were secure, and were never compromised,” he said.

“Unfortunately, all it takes is for the weakest one of those systems to be compromised and that one password that you thought was secure, is now in the public domain, it’s publicly available.”

Professor Haskell-Dowland, who personally has more than 500 passwords, recommends that passwords are not only unique to each site, but are also stored safely and securely.

“I use a password manager to make sure that they’re all stored safely,” he said.

“Even having a notepad of all of those passwords and keeping that locked away in a drawer at home is still better than having the same password on every single system.”

Professor Haskell-Dowland also suggested updating all systems and backing up data.

“Always apply updates to … every device that you’re using, including your mobile phone … to make sure that the cybercriminals don’t have an easy foothold into your system,” he said.

“Making sure that you have a copy of all of the important data … so that in the event that you get an attack, maybe you get some malicious software on a computer, you don’t lose everything.”

Targets go beyond the individual

Professor Haskell-Dowland said it was not only individuals who were susceptible to cybercrime. It also had the potential to be used as a hugely disruptive warfare strategy.

“We could be talking about the systems that control electricity, the systems that control water,” he said.

“The things that we utterly depend upon, for our day-to-day life… are often computer controlled.

“If you’re an adversary and you’re wanting to target a country, then it is much easier to attack infrastructure via digital means than it is to launch, for example, a missile to try and target a power station.”

Professor Haskell-Dowland says, unfortunately, many people still write down their passwords and leave them in obvious places. (Supplied: Paul Haskell-Dowland)

But despite the huge risks that cybercrime poses, Professor Haskell-Dowland said we should not “get too carried away with panic.”

“The issues in cybercrime are significant, and they are growing, but so is the defensive side — there’s an enormous amount of time, effort and money being spent on defending the nation and defending the individual,” he said.

“The reality is most cybercriminals are still very lazy in their perspective and they will go for the easiest targets, so simply making yourself that little bit more difficult to be a victim means that they’ll simply move on to easier and easier targets.”
