Hackers can get into Macs with sneaky tricks, Crowdstrike experts say

The cybersecurity company says it's seen hackers get deep access into the Macs of regular users.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read
On a blue background, two old fashioned keys are displayed on either side of a shadowy hand holding magnifying glass, which reveals a magnified skull.
James Martin/CNET

It's long been legend that Macs are harder to hack than other computers. Not only are they said to be more secure, but fewer people use them, so hackers have less incentive to break in.

Cybersecurity company Crowdstrike is happy to bust that myth. At the RSA Conference on Thursday, CEO George Kurtz and CTO Dmitri Alperovitch detailed hacking techniques they've seen used to do a host of bad things on Apple-built computers.

Attackers can trick Mac users into downloading malicious software and then get deep access into the computer, the Crowdstrike executives said. They also have tools to loot the system's keychain for more passwords and build backdoors into the machines, allowing hackers to have repeated access.

"They have interesting tradecraft on Macs," Alperovitch said of the hackers.

The Crowdstrike presentation comes in the wake of a flaw found in Apple's Facetime app that could have let hackers listen in on unwitting iPhone users, as well as a vulnerability in the keychain, which stores the passwords of apps connected to a Mac. Taken together, these flaws mean Mac users should take steps to keep their computers secure instead of relying on Apple's reputation for security to keep them safe.

Apple didn't immediately respond to a request for comment.

Watch this: Apple's next launch events: Everything we know

Kurtz and Alperovitch recommended keeping Apple's Gatekeeper feature enabled, to help make sure software comes from a valid source. They also suggested disabling macros, a feature in some Microsoft products, if you're using them on your Mac. What's more, the pair recommended users disable a feature in Apple's Safari web browser that automatically opens some files, which might end up being malware.

The pair also said they had found a vulnerability in the MacOS that they had reported to Apple. Alperovitch said that Apple is building a patch for the flaw right now and that it would likely be included in an upcoming MacOS software update.

Attackers also rely on baiting users into clicking on malicious links and following prompts that eventually lead to malware. That, of course, isn't a Mac-specific issue. Crowdstrike found malicious software that required users to click through two prompts to give permission. They did.

"Users click on just about anything," Alperovitch said.