No surprise, I believe Apple is also coming to the conclusion that macOS is now being used in companies a lot more, it's not just home users, so the threat is real. And Gatekeeper and XProtect aren't exactly the most advanced security tools out there, they have been bypassed numerous times, see link. https://www.sentinelone.com/blog/how-malware-bypass-macos-gatekeeper/
And macOS also sometimes suffers from major design flaws, this was already discussed in another topic, I haven't got a clue why it was removed. But I have actually found a better article about this flaw, which is only fixed in macOS Monterey, so not in older macOS versions, see link. Bottom line is, Apple realizes that it should become a bit more aggressive, but I would like to see more advanced behavior blocking in macOS. But I'm not sure if the OS is designed in a way that allows advanced protection like on Windows. Because third-party AVs on Mac also seem to be quite basic. https://www.wired.co.uk/article/macos-process-injection-flaw
And this is exactly why Apple should get more aggressive, because yet again a couple of zero-days that were actively exploited were found and fixed, it's the same stuff that has plagued Windows for years. The holes were found in the macOS kernel and in Safari's WebKit engine, but all browsers on macOS use WebKit, so switching to Chrome or Brave wouldn't help, if I'm correct. Security tools on macOS really should get more advanced to tackle these (targeted) attacks. https://thehackernews.com/2022/09/apple-releases-ios-and-macos-updates-to.html
OK my bad, so in this case Chrome, Edge, Vivaldi and Brave should not be affected on macOS. Only Safari could be used to exploit systems, especially if combined with the macOS kernel zero day.
Hello @Rasheed187 Within the last 24 hours, you probably noticed that macOS Big Sur & Monterey were updated to include an upgrade of Safari to 16.0. These updates address the prior kernel zero-day exploit. Many are still not completely aware of the somewhat silent push of Apple's XProtect Remediator for macOS in the last few months. Hopefully, this will also help. HTH
To clarify, I know that XProtect and Gatekeeper should be capable of blocking malware that's delivered via exploits, similar to Win Defender combined with Win SmartScreen. But I'm talking about more advanced behavior blocking tools that can protect the system even after malware is already running. Because as mentioned before, AVs can sometimes be bypassed by more advanced attack methods. Win Defender isn't exactly bulletproof either.
This is a third-party tool, but I have been using this for quite a while. https://objective-see.org/products/blockblock.html
Yes, this is about the only developer that I could find that develops specialized security tools for macOS. I wonder if someone will also develop tools like SpyShelter, Sandboxie, HitmanPro.Alert and OSArmor, I guess this would be kinda cool. But the question is if macOS allows this from a technical point of view, that's not clear to me.
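To make the kind of check the thread is talking about concrete, here is an added example (not code from the thread, and not BlockBlock's own code) of the simplest form of what a persistence monitor does on macOS: it parses launchd job plists from the standard LaunchAgents/LaunchDaemons folders and flags the ones that look out of place. The trusted-prefix list and the heuristics are my assumptions, not any vendor's logic, and the two sample plists are constructed inline so the script runs offline on any OS; on a real Mac, `scan_directories()` reads the actual folders. A tool like BlockBlock watches these locations in real time, whereas this is a one-off audit.

```python
"""Minimal launchd persistence audit (added example, not BlockBlock's or Apple's code)."""
import os
import plistlib
from typing import Dict, List, Optional

# Real launchd locations that macOS persistence monitors watch.
PERSISTENCE_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    os.path.expanduser("~/Library/LaunchAgents"),
]

# Heuristic allow-list (assumption): where a legitimate launch item's binary normally lives.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/", "/Library/Apple/")
APPLE_PREFIXES = ("/System/", "/usr/", "/Library/Apple/")


def launch_program(plist: dict) -> Optional[str]:
    """Return the executable a launchd job starts ('Program' wins over 'ProgramArguments')."""
    if isinstance(plist.get("Program"), str):
        return plist["Program"]
    args = plist.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def assess_launch_item(filename: str, plist: dict) -> Dict[str, object]:
    """Apply simple defender heuristics to one parsed launchd plist."""
    findings: List[str] = []
    program = launch_program(plist)
    label = str(plist.get("Label", ""))
    if program is None:
        findings.append("no Program/ProgramArguments key")
    else:
        if not program.startswith(TRUSTED_PREFIXES):
            findings.append(f"program outside trusted prefixes: {program}")
        if any(part.startswith(".") for part in program.split("/") if part):
            findings.append(f"program sits in a hidden path component: {program}")
        if label.startswith("com.apple.") and not program.startswith(APPLE_PREFIXES):
            findings.append("com.apple.* label but the program is not an Apple system path")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        findings.append("RunAtLoad + KeepAlive (starts at login/boot and is restarted if killed)")
    if label and label + ".plist" != filename:
        findings.append(f"Label {label!r} does not match file name {filename!r}")
    return {"file": filename, "label": label, "program": program,
            "suspicious": bool(findings), "findings": findings}


def assess_plist_bytes(filename: str, data: bytes) -> Dict[str, object]:
    """Parse raw plist bytes (XML or binary) and assess them."""
    return assess_launch_item(filename, plistlib.loads(data))


def scan_directories(dirs=PERSISTENCE_DIRS) -> List[Dict[str, object]]:
    """Audit every .plist in the given folders; unparseable files are reported as suspicious."""
    results: List[Dict[str, object]] = []
    for directory in dirs:
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            if not name.endswith(".plist"):
                continue
            try:
                with open(os.path.join(directory, name), "rb") as fh:
                    results.append(assess_plist_bytes(name, fh.read()))
            except Exception as exc:  # malformed plist or permission problem
                results.append({"file": name, "label": "", "program": None,
                                "suspicious": True, "findings": [f"unparseable: {exc}"]})
    return results


# Constructed sample plists (not taken from any real system): one ordinary job and one
# that imitates an Apple label while running a hidden binary from a shared folder.
SAMPLE_PLISTS = {
    "com.example.backup.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.backup</string>
  <key>ProgramArguments</key><array><string>/usr/bin/rsync</string><string>-a</string></array>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>""",
    "com.apple.updater.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.updater</string>
  <key>ProgramArguments</key><array><string>/Users/Shared/.cache/updater</string><string>--silent</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>""",
}


def audit_samples() -> List[Dict[str, object]]:
    """Run the heuristics over the constructed samples."""
    return [assess_plist_bytes(name, data) for name, data in SAMPLE_PLISTS.items()]


if __name__ == "__main__":
    for item in audit_samples() + scan_directories():
        flag = "SUSPICIOUS" if item["suspicious"] else "ok"
        print(f"[{flag}] {item['file']} -> {item['program']}")
        for finding in item["findings"]:
            print("    -", finding)
```

Running it prints one line per job plus the reasons it was flagged; the constructed `com.apple.updater` sample trips four heuristics, the rsync job none.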