Do you have any antivirus recomendations for Linux.

    • sugar_in_your_tea
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Here’s one example of a privilege escalation

      https://security.berkeley.edu/news/macos-ipados-and-ios-local-privilege-escalation-vulnerability-cve-2021-30807

      And here’s a little more detail about it, complete with links:

      https://www.offsec.com/offsec/macos-preferences-priv-escalation/

      This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).

      every single one requires the user to install something

      Not all. HVNC, for example, doesn’t require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.

      Also XCSSET Updated used a zero day in Safari.

      These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it’s foolhardy to think macOS is immune in some way.

      Rarely do attacks use just one strategy, usually they bundle malware with a zero day of some sort. Since macOS has a small user base, look less at the impact and more at the capabilities. All types of malware exist for macOS, so if it gets much larger adoption, we’ll see more effort in packaging them together.

        • sugar_in_your_tea
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Sure, anti-virus won’t prevent the zero day from being exploited, but it can prevent any malware packaged with it from executing/causing damage. The same goes for other strategies, like sandboxing, access control, etc, the more layers you have, the less likely an attack is to be successful.

          On the other side, the less valuable your platform is to exploit, the less attention it’ll have from malware authors. Most malware is looking to make a quick buck, and getting grandma to call a fake support line to fix a manufactured problem is the lion’s share of malware. Some attempt to create a botnet (i.e. worms and Trojans), and others try to steal banking and other credentials (so cookie scraping, no need for privilege escalation, just code execution).

          I’m just pointing out that zero days and privilege escalation has existed to show that macOS isn’t immune. I’m sure there are plenty more, they just probably aren’t used as much because the potential benefit isn’t large enough yet. Why risk revealing your zero day when the profit potential is low? Sometimes it’s more valuable to wait and sell to a more sophisticated attacker who will go after higher value targets like sitting politicians than to sell it on the open market to a scammer who goes after grandma.

          The same goes for Linux. Zero day privilege escalation attacks certainly exist, if you follow the CVEs, you can see some of them getting discovered before they’re explored. As the market expands, we’ll see more exploits actually being used, which means there are probably even more that potential attackers are sitting on.