Checklist 112: Security as an Obstacle in Mojave
Last week, we brought you a discussion about some of the latest security and privacy features in Apple’s latest major release, macOS Mojave. Not everything is as it should be, though. Sure, Mojave is just fine for the average user – that’s the determination we made last week – but there are a few problems that have appeared in the days and weeks since its public release. This week, we’re talking about those issues and what’s up with them. On our list:
- Full Disk Access Gives Up a Little Too Much Access
- Bugs Infiltrate New Privacy Features
A computer operating system is a complex, intricate thing and it is hard to get everything right on the first release attempt. Some issues, of course, are to be expected, and macOS Mojave is no different. One of the first issues we heard about has to do with a feature called Full Disk Access. We’re starting our discussion today by taking a look at this story.
Full Disk Access Gives Up a Little Too Much Access
Security firm Sentinel One took a deep dive into the new security features of Mojave, in particular, the technology underlying Apple’s efforts to stop unauthorized data access. They didn’t like what they found – in fact, not only does Sentinel One believe Apple has implemented a confusing system, they found a serious flaw.. It all has to do with the way Apple now puts restrictions on Apps using Apple Events from getting “full disk access.”
The researchers found Apple’s process for blocking access to file folders through apps to be opaque – it’s off by default, and it requires navigating several menus to give an app clearer access to some types of data. To a certain extent, this is by design. Apple does not want it to be easy for applications to gain access to the contents of the entire hard disk as it might have been in the past. The risks for abuse were just too great – so now it is impossible for a user to inadvertently give away that level of access with a single click. By adding a mandatory process for whitelisting apps, Apple’s made the overall system safer.
That doesn’t mean it’s all well and good, though; in fact, it’s this process, combined with the frequent dialog boxes for granting permission, that concern the researchers. With so many dialog boxes to click through, they worry users will become fatigued and miss important notifications. When would the average user actually encounter the need to go through the whitelisting process? There are a number of potential scenarios.
One of the most likely is this: users who rely on third-party solutions for their backups. In other words, if you choose to back up all your files but you do not use Apple’s Time Machine, you’ll find that the software suddenly no longer works correctly in Mojave. That’s because it no longer has full disk access, and you’ll need to figure out the whitelisting process to make it work. The same could be true for an email filtering program, or even anti-malware software. For developers, this poses a real problem – users could upgrade to Mojave and experience sudden failures in software that had previously always “just worked.” Since there is no way for applications to tell whether or not they have proper access, there’s no way (as yet) to inform the user of an error.
Only grant Full Disk Access to apps that you trust, for example, a legacy app that you know is safe to use but suddenly no longer works on Mojave. To whitelist an app, here’s what you have to do:
- Open System Preferences by clicking the Apple icon
- Click Security & Privacy
- Click the Privacy Tab – if the Lock icon on this screen is locked, click it now to enter your username and password for authentication
- Select Full Disk Access, then select +
- Locate the app you are having trouble with, then select it
After taking these steps, the app in question will be properly whitelisted for Full Disk Access. You can always remove it later, of course. You can also modify app permissions on this screen in case you mistakenly denied access to a more minor permission, such as camera access, during a previous interaction. When determining whether you should trust an app or not, look for additional information in the permission request explaining why it needs permission. Unfortunately, there’s no option for this for Full Disk Access yet, so you’ll need to restrict whitelisting to apps you’re certain you can trust.
According to Sentinel One, it also looks like Apple goofed regarding sealing off file access from everything. While applications like the Script Editor and the Terminal are blocked from accessing certain protected folders, such as the space where all your Safari data is stored, it turns out that not every method of requesting file access is safe. In fact, all it took for Sentinel One to gain access to the target files was to use the common Secure Shell (SSH) communications protocol to log in to the machine with the correct admin credentials. Once inside, asking for access to any folder became no problem; the system gave it up easily, just as if Full Disk Access for the program had been enabled.
While it might not be easy for the bad guys to get a hold of your Mac’s login information, it could happen, and it would then be effortless for them to remotely connect to your system to start rooting around for some files. Until Apple has a fix in place for this problem, you can protect your Mac on Mojave by simply going to the Sharing pane and disabling Remote Login. The possibility of a user suffering a breach through this method is low, but you may prefer to disable Remote Login if you aren’t using it in the first place — just to be safe.
Bugs Infiltrate New Privacy Features
There are some other issues, too. Security researchers, including regular presence Patrick Wardle, have uncovered several issues in Mojave, present at launch. Wardle found the first issue right away on Mojave’s launch day while examining the last beta release, and it’s a flaw in those brand-new permission prompts we were discussing for things such as your camera.
Though Wardle was cautious to note that this is not a “full bypass” of the feature, a malicious program already on your Mac could potentially figure out a way around the new prompts. To prove that the problem was real, Wardle tweeted a video of the bug in action, showing an “unprivileged” script designed to mimic malware on the system stealing a user’s contacts even after an initial denial.
Is this a zero-day exploit? Not quite, since Wardle didn’t release the full details of how to execute the bug; instead, as per best practices, he reported it to Apple. However, sharing a public video of the bug hours before Mojave was scheduled to release to the general public is a bold move. What prompted it?
Wardle says that he did it because he’s unhappy with Apple’s lack of a bug bounty program for macOS. These are programs that pay out a financial reward when researchers (or hackers) report verifiable issues to a developer so they can fix them before they become a problem. A well-known invite-only bounty program exists for iOS, but none for finding bugs in macOS yet — why that is could be anyone’s guess.
Maybe there just hasn’t been a push for it, or perhaps Apple is concerned about the need to pay out a large number of bounties, or maybe there could be another reason – like a diminishing level of consideration from Apple towards the Mac as a platform. Perhaps they see that the iOS model of security, where everything is strictly sandboxed and the platform is largely a walled garden, is the future going forward. This plays into some concerns users have that iOS and macOS will eventually become indistinguishable. That would render a public bug bounty program less useful to Apple if all it intends to do is eventually undergo a major transition on the Mac.
Whatever the reason for lack of a bug bounty is, Wardle’s flaw wasn’t the only one to turn up close to launch day. An app developer by the name of Jeff Johnson says he also discovered and reported a similar problem to Apple. His version is different from Wardle’s, but since it’s still unpatched, we don’t have details to share yet.
Johnson cautioned users not to panic, stating that since he had not found a new vulnerability, Mojave was still a safe OS to use. However, he pointed out that the flaw means merely “it is not safer” for now. While two flaws in a flagship security feature for Apple’s latest release is bad enough, a third one is actually floating around out there. While the permissions issue is a problem, it’s unlikely to have an adverse effect on most users.
While these issues are something of a concern, we can likely expect the flaws themselves to be addressed or improved upon by Apple in subsequent updates. As we said at the conclusion of last week’s episode, there’s no good reason not to upgrade to macOS Mojave if you haven’t already done so yet. Even in spite of some of the confusion surrounding Full Disk Access, there’s still plenty of other features and improvements to enjoy – plus the Night Mode that everyone has been so excited about! With that, we’ll draw another discussion to a close.
Have a question you’d like to hear us answer or a story that you think would make for a good topic of discussion? Send your suggestions in an email to Checklist@SecureMac.com and tell us what’s on your mind. You might even find your question turns into the subject of a future episode! In the meantime, we’ll say our goodbyes for this week as we prepare to return in seven days with yet another new episode of The Checklist, brought to you by SecureMac. Thanks for listening.