Apple OSX and Security

Author: Martin Voelk
November 27, 2014

It’s widely known that the security around Apple OSX is light years better than anything Microsoft does. However, the security is only as good as the people using it. We did a pentest recently where the client gave us 100% liberty to do whatever it takes to test security.

So we coded a variety of nice Apple OSX payloads with the Metasploit framework and distributed them strategically through social engineering. Within minutes we had voice recordings of employees, camera screenshots and desktop access. Dumping password hashes and mounting back doors afterwards were routine tasks.

The same old problem. 95% of the time, employees fall victim to plain, simple social engineering attacks. They are told through an email, or in the worst case over the phone, to install the little file "to enhance security" that is arriving by email shortly.

Finding a properly exploitable vulnerability in a server or network OS is rare these days. Web applications are the number one technical attack vector, followed by employees’ lack of security awareness. BYOD, and letting employees use their corporate devices for private purposes, are among the worst nightmares for security.

This particular client invested heavily in perimeter security, only to find out that an msfpayload generated by Metasploit, with handcrafted antivirus and Mac OSX threat detection bypass, puts the whole organization at risk. It creates an SSL tunnel back to the attacking server, and even outbound firewall filtering wouldn’t have prevented this, as the firewalls are blind to encryption and very few companies do outbound SSL inspection because it’s costly.
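A firewall that cannot read the SSL payload still sees the connection metadata: who talked to whom, on which port, for how long, how often, and how many bytes went each way. The following script is an added example (not from this post or from Metasploit) that triages that metadata from egress firewall logs. The log format, the sample lines, the allowlist and the thresholds are all constructed for illustration; in a real environment the parser would be adapted to the vendor's log format and the allowlist built from known business destinations.

```python
"""Egress-log triage: what a firewall still sees when it cannot inspect TLS.

Constructed log format (not a real vendor format), one connection per line:
<epoch_start> <src_ip> <dst_ip> <dst_port> <duration_s> <bytes_out> <bytes_in>
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one workstation talks to an expected CDN, and also holds
# hour-long outbound 443 sessions to an unknown host, re-connecting on a fixed
# interval and sending far more data than it receives.
SAMPLE_LOG = """\
1417046400 10.1.2.34 203.0.113.10 443 2 1200 48000
1417046410 10.1.2.34 203.0.113.10 443 1 900 30500
1417046420 10.1.2.34 198.51.100.77 443 3600 820000 15000
1417050020 10.1.2.34 198.51.100.77 443 3600 790000 14000
1417053620 10.1.2.34 198.51.100.77 443 3600 805000 16000
1417046500 10.1.2.35 203.0.113.10 443 1 700 22000
"""

ALLOWLIST = {"203.0.113.10"}  # constructed: destinations the business expects
LONG_SESSION_S = 600          # constructed threshold for a "long" session
MIN_REPEATS = 3               # connections needed before judging regularity


def parse_log(text):
    """Parse the constructed log format into a list of connection records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, src, dst, port, dur, b_out, b_in = line.split()
        records.append({
            "start": int(start), "src": src, "dst": dst, "port": int(port),
            "duration": int(dur), "bytes_out": int(b_out), "bytes_in": int(b_in),
        })
    return records


def triage(records, allowlist=ALLOWLIST, long_session_s=LONG_SESSION_S,
           min_repeats=MIN_REPEATS):
    """Group connections per (src, dst, port) and flag behavioural signals.

    Returns {(src, dst, port): sorted list of flags} for flows that go to an
    off-allowlist destination AND show at least one further signal.
    """
    flows = defaultdict(list)
    for r in records:
        flows[(r["src"], r["dst"], r["port"])].append(r)

    findings = {}
    for key, conns in flows.items():
        _, dst, _ = key
        flags = set()
        if dst not in allowlist:
            flags.add("unknown_destination")
        # A reverse tunnel tends to stay up for a long time.
        if any(c["duration"] >= long_session_s for c in conns):
            flags.add("long_session")
        # A browser downloads far more than it uploads; exfiltration inverts that.
        if sum(c["bytes_out"] for c in conns) > sum(c["bytes_in"] for c in conns):
            flags.add("upload_heavy")
        # Reconnects spaced at near-identical intervals look scripted, not human.
        if len(conns) >= min_repeats:
            starts = sorted(c["start"] for c in conns)
            gaps = [b - a for a, b in zip(starts, starts[1:])]
            if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < 0.1:
                flags.add("regular_interval")
        if "unknown_destination" in flags and len(flags) > 1:
            findings[key] = sorted(flags)
    return findings


if __name__ == "__main__":
    for (src, dst, port), flags in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}:{port}  {', '.join(flags)}")
```

None of these signals requires decrypting anything, which is the point: outbound SSL inspection is expensive, but logging and reviewing egress metadata is not, and an allowlist of expected destinations turns an encrypted tunnel to an unknown host from invisible into an obvious outlier.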