MacDevOpsYVR Recap: Focus on Security in Mac DevOps
The annual MacDevOpsYVR conference wrapped up on Friday, and the emerging emphasis on security across the macOS DevOps space was a major theme woven throughout the event.
Among the interesting, security-focused talks was “macOS: A Quest to Find Vulnerability Land,” presented by Estela Baca of CrowdStrike. Ms. Baca chronicled her personal journey in pursuit of clear and complete documentation of macOS security vulnerabilities, and she went on to argue that Mac would do well to look to other major players for a comprehensive model for sharing the status of suspected or known vulnerabilities in the OS.
Offensive Security’s Csaba Fitzl spoke on “Mitigating exploits using Apple’s Endpoint Security.” In his informative talk, he introduced the basic concepts behind attacks that use privacy (TCC) related bypasses and privilege escalation to root through XPC services. He then detailed both how these privilege escalations work and what they allow bad actors to do once achieved, before turning to Apple’s Endpoint Security framework and how it can be leveraged to mitigate such threats.
Aspen Lindblom, also of CrowdStrike, gave a fascinating talk entitled “Shlaying the beast: A playbook for the most pervasive adware on macOS,” in which she deconstructed the various elements that Shlayer, the most common malware infection on macOS, uses to establish a foothold on a given operating system, and how it then propagates itself by immediately installing more adware. Ms. Lindblom then went on to explain how this threat can be protected against.
The high-level takeaway from such a broad focus on security for macOS DevOps is perhaps that an active security posture is emerging as essential to safeguarding your systems and data on macOS, a platform that has historically been viewed as relatively secure by nature.
Security continues to be a top priority at MacStadium, as we have made significant investments to create the most secure systems, processes, and networks to protect our customers’ data and infrastructure. With internationally recognized certifications like SOC 1, 2, and 3 and ISO 27001, 27017, and 27018, MacStadium data centers meet or exceed the requirements of even the most demanding teams. Want to learn more? Visit the security page on our website or contact one of our sales engineers.