Hello and welcome to the Wednesday, August 16th,

2003 edition of the Sandt and Stormsenders Stormcast. My name is Johannes Ulrich,

and then I'm recording from Jacksonville, Florida. Let's start today a little bit with

Apple security in particular macOS Ventura, which did introduce a background task manager.

The goal with background task manager was to alert the user if a process sort of becomes

persistence, basically runs in the background. And the idea behind this is if you have a process

that all of a sudden keeps running in the background,

there's a little pop-up, the alerts you of it.

If you just install some new software, well, then you sort of know, okay, I know why this is running.

You can discard the warning.

The problem is that apparently this particular feature doesn't really work as well as it's supposed to work.

And Patrick Wardle, who has had a rich history in finding flaws in macOS and iOS, has presented

at DefCon, some of the methods that can be used here.

Out of the three different bypass methods at Wardle found, one requires root access,

that's still potentially a problem because, well, that's sort of exactly one of the attacks

that the background manager is supposed to protect yourself from.

But there are two others that do not require route access and could still bypass

any persistence notification by the background task manager. Patrick has been in communication

with Apple about sort of the issues with the background task manager. Now, the specific flaws here haven't been disclosed to Apple,

but the overall sort of problems that Patrick found,

not clear if there will be a patch coming from Apple anytime soon

or maybe something like with the next macOS release,

...