
Snitches get stitches: Little Snitch bugs were a blessing for malware

Now-patched kernel-level flaw in OS X app firewall will be revealed this week


DEF CON A vulnerability in popular OS X security tool Little Snitch potentially granted malicious applications extra powers, undermining the protection offered by the software.

Little Snitch reports in real time the network traffic entering and leaving your Apple computer, and can block unauthorized connections. It is a handy application firewall that reveals the information flowing out of your system and the sources of those packets.

Unfortunately, it was trivial for a malicious app to bypass Little Snitch's network monitoring mechanisms, says security researcher Patrick Wardle.

Wardle is a former NSA staffer who heads up research at infosec biz Synack. He also discovered a heap overflow bug in Little Snitch's kernel extension code, which could be exploited by an installed application to gain administrator-level access via the security software.

This kernel-mode vulnerability will be the main focus of an upcoming presentation by Wardle on Little Snitch at the DEF CON hacker gathering in Las Vegas this week. He will also demonstrate how programs could silently disable Little Snitch's network filtering, and how an Apple bug fix made this previously unexploitable kernel bug exploitable on OS X 10.11.

Little Snitch tricked ... A slide from Patrick Wardle's forthcoming talk

Little Snitch is built by Austrian firm Objective Development Software. Wardle said its developers fixed the kernel-level flaw with the release of Little Snitch 3.6.2 without acknowledging his discovery. Pedro Vilaça aka osxreverser also found low-level bugs in Little Snitch that could be exploited to crash the Mac, or disable or bypass the network filtering: these were fixed in version 3.6.4, which was released last month.

Highlighting and pushing for improvements in Apple's malware defenses has been a major focus of Wardle’s research efforts for more than three years – you can find a bunch of his file-system security tools here. ®
