Posted October 25, 2018
Last week, we discussed a few of the latest security and privacy features in Apple's latest major macOS Mojave. Not everything is as it should be, though. Well, Mojave is just good for the average user ̵
- Full disk access gives way too much access
- Bugs infiltrate new privacy features
A data operating system is a complicated and intricate thing and it's hard to get everything right on the first release attempt. Some problems, of course, are to be expected, and MacOS Mojave is no different. One of the first issues we've heard about is a feature called Full Disk Access. We start our discussion today by taking a look at this story.
Full Disk Access Provides Too Much Access
Security Company Sentinel One took a deep dive into the new security features of Mojave, especially the technology that underlies Apple's efforts to stop unauthorized data access. They did not like what they found – Sentinel One does not just mean that Apple has implemented a confusing system, they found a serious mistake. Everything has to do with the way Apple now imposes restrictions on Apps using Apple Events from getting full access to the disk.
The researchers found Apple's process to block access to file folders through apps to be opaque – it's turned off by default and it requires navigating multiple menus to give an app easier access to some types of data. To a certain extent this is of design. Apple does not want it to be easy for applications to access the contents of the entire hard drive as it could have been before. The risk of abuse was just too big – so now it is impossible for a user to unintentionally give away the access level with a single click. By adding a mandatory process for whitelisting apps, Apple made the total system safer.
That does not mean it's all good and good, though; In fact, this process is combined with the frequent permissions dialogs that concern researchers. With so many dialog boxes to click through, they worry about users getting tired and missing important alerts. When will the average user actually meet the need to go through the whitelisting process? There are a number of potential scenarios.
One of the most likely is this: Users who rely on third party solutions for their backups. In other words, if you choose to back up all your files but you do not use Apple's Time Machine, you will find that the software suddenly no longer works properly in Mojave. This is because it no longer has full disk access, and you need to figure out the whitelist process to make it work. The same may be true for an email filtering program, or even anti-malware software. For developers this is a real problem – users can upgrade to Mojave and experience sudden errors in software that has previously "just worked." Since there is no possibility for applications to tell if they have the correct access, there is no way (or not at the moment) to inform the user of an error.
Just give full disk access to apps you trust, for example, an older app you know is safe to use, but suddenly no longer works on Mojave. To whitelist an app, here's what to do:
- Open System Preferences by clicking the Apple icon
- Click Security and Privacy
- Click the Privacy tab – if the Lock icon on this screen is locked , click it now to enter username and password for approval
- Select Full Disk Access, then select +
- Find the app you're having trouble and choose it
After taking these steps, the current app will be the correct whitelist for full disk access. You can always remove it later, of course. You can also change app permissions on this screen if you mistakenly denied access to a smaller access, such as camera access, during a previous interaction. When deciding whether to trust an app or not, look for additional information in the permission request, and explain why it needs permission. Unfortunately, there is no alternative for this for full disk access yet, so you must restrict whitelisting to apps you are sure you can trust.
According to Sentinel One, Apple also seems to be able to withstand file access from everything. While programs such as Script Editor and Terminal are blocked from accessing certain protected folders, such as the space where all of your Safari data are stored, it appears that each file access method is safe . In fact, all Sentinel One needed to access the target files, using the regular Shell (SSH) protocol to log in to the machine with the correct admin credentials. Once inside, there was no problem asking for access to any folder; The system gave it up easily, just as if Full Disk Access for the program had been activated.
Although it is not single for the wicked to get the Mac login information can happen, it would be difficult for them to connect remotely to your system to start messing around for some files. Until Apple resolves this issue, you can protect your Mac on Mojave by just going to the sharing pane and disabling remote login. The ability of the user to break through this method is low, but you may prefer to disable remote login if you do not use it initially – just to be safe.
Bugs Infiltrate New Privacy Features
There are also some other issues. Security researchers, including regular presence Patrick Wardle, have revealed several problems in Mojave, presented at launch. Wardle found the first issue once on Moja's launch day during the last beta release, and there is an error in the brand new permission reports we discussed for things like your camera.
Although Wardle was careful not to notice that this is not a "full bypass" of the feature, a malicious program that already exists on the Mac may potentially find a way around the new messages. To prove that the problem was real, Wardle tweeted a video of the error in action, showing an "unprivileged" script designed to emulate malware on the system that steals the user's contacts, even after an initial rejection.
Is this a zero-day exploitation? Not entirely, since Wardle did not give out complete information on how to perform the error; Instead, by best practice, he reported it to Apple. But sharing a public video of the mistakes before Mojave was scheduled to expose to the public is a bold move. What did it ask?
Wardle says he did so because he is unhappy with Apple's lack of a bug program for MacOS. These are programs that pay off an economic reward when researchers (or hackers) report verifiable issues to a developer so that they can fix them before they become a problem. A well-known invitation-only bounty program exists for iOS, but none to find bugs in macOS yet – why there may be some guess.
Maybe there's just been no pressure for it, or maybe Apple is worried about the need to pay out a large number of bounties, or maybe that's another reason – like a decreasing level of concern from Apple to Mac like a platform. Perhaps they see that the iOS model of security, where everything is strictly sandboxed and the platform is largely a fenced yard, is the future ahead. This plays into some concerns users have that iOS and macOS will eventually be indelible. It would make a public program for bug-bounty less useful for Apple if all that is going to make becomes an important transition on the Mac.
Whatever the lack of a bug-bounty, Wardle's fault was not the only one to come near the start date. An app developer named Jeff Johnson says that he also discovered and reported a similar issue to Apple. His version differs from Wardle, but since it is still not updated, we have nothing to share with yet.
Johnson warned the users not to panic, saying that since he had not found new vulnerability, Mojave was still a safe OS to use. However, he pointed out that the error just means "it's not safer " for now. While two bugs in a flagship security feature for Apple's latest release are bad enough, a third is actually floating around out there. Although the permission issue is a problem, it's unlikely that most users will have a negative effect.
Although these issues are some concern, we can probably expect the fixes to be resolved or enhanced by Apple in later updates. As we said at the end of last week's episode, there is no good reason not to upgrade to macOS Mojave if you have not already done so yet. Despite some of the confusion surrounding Full Disk Access, there are still many other features and improvements to enjoy – plus the night mode that everyone has been so excited about! With that, we will end another discussion in the end.
Do you have a question you would like to hear us answer or a story you think would make for a good topic for discussion? Send your suggestions to an Email to Checklist@SecureMac.com and tell us what's in your mind. You may be able to find your question about the theme of a future episode! In the meanwhile, we will say our goodbye for this week when we prepare to return in seven days with another new episode of the checklist, brought to you by SecureMac. Thank you for listening.