MacOS malware detection tool proves easy to bypass

The Background Task Management tool built into macOS to thwart malware turns out not to perform its function very well. This was revealed by Mac security researcher Patrick Wardle during a Defcon-31 presentation in Las Vegas.

Since late 2022, Apple has built the Background Task Management tool into macOS Ventura. This tool specifically looks for "persistent" malware, that is, malware that installs itself so it runs again automatically after a reboot or login. When it finds such an item, the tool sends a notification to end users or to third-party security tools that a "persistent event" is occurring. The idea is that those users or security tools then investigate what is going on.

Several vulnerabilities in tool

However, according to security researcher Patrick Wardle, the security mechanism has several vulnerabilities that allow attackers to bypass it. He found that, since its introduction, the implementation of this tool has been so poor that any moderately sophisticated malware can easily evade its detection.

At the Defcon event, Wardle disclosed some of these deeper vulnerabilities. Among them, he showed a bypass that requires access to the highest-privileged administrative account in order to be executed. This vulnerability is still important to patch, because attackers who gain that level of access are able to disable Background Task Management notifications in macOS. They can then install as much malware as they want without the victim receiving any notification.

Disabling notifications

Furthermore, Wardle discovered two vulnerabilities that can be exploited without first gaining privileges through that administrative account. Both make it possible to disable the tool's persistence notifications. One of them exploits a bug in how the alerting system communicates with the macOS kernel.

The other vulnerability involves a feature that allows users, even those without elevated privileges, to stop detection processes. This feature can be manipulated so that notifications never reach end users.

Apple is urged to patch the vulnerabilities as soon as possible.