Hackers Are Targeting MacOS Systems Despite Built-In Protections
Even though macOS security remains robust, hackers continue to find methods to evade Keychain, SIP, and Gatekeeper protection.
In a rush? Here are the quick facts:
- Built-in protections include Keychain, SIP, TCC, Gatekeeper, and XProtect.
- Attackers use tools like Chainbreaker to extract Keychain passwords.
- SIP and TCC can be bypassed with admin rights or clickjacking.
According to security researchers at Kaspersky, macOS comes with multiple built-in layers of protection. These include Keychain (a password manager), Transparency, Consent and Control (TCC), System Integrity Protection (SIP), File Quarantine, Gatekeeper, and the XProtect anti-malware system.
Together, they aim to provide what Kaspersky describes as “pretty much end-to-end security for the end user.”
Kaspersky explains how, even though the Keychain application provides secure storage of user credentials through AES-256 encryption, hackers are still able to bypass security measures of this native macOS tool and gain control of the system, extracting files and passwords.
SIP, first introduced in OS X El Capitan, was developed to stop unauthorized modifications to essential system files. However, when hackers gain administrator rights, they can disable SIP through Recovery Mode, and in turn make the system vulnerable to their attacks.
Similarly, Kaspersky notes that the TCC system, which defends against unauthorized access to sensitive permissions such as the camera and microphone, can be infiltrated by attackers using clickjacking techniques to deceive users into granting malware complete access.
Other features, such as File Quarantine and Gatekeeper, try to stop users from running malicious files. But these, too, can be bypassed with technical workarounds or simple social engineering instructions that persuade users to override warnings.
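Because several of the protections above (SIP, Gatekeeper, File Quarantine) can be switched off or bypassed, a defender's first step is to confirm they are still in force on a given Mac. The script below is an added example written for this article, not code from Kaspersky or Apple. It parses the output of the real macOS tools `csrutil status`, `spctl --status` and `xattr -p com.apple.quarantine`; the parsing functions take that output as text so the logic can be exercised on any POSIX shell with the constructed sample strings embedded here, and `audit_live` runs the actual commands only when they exist on the host.

```sh
#!/bin/sh
# Added example: audit the state of macOS built-in protections.
# Not part of the original article; the sample outputs below are constructed.

# csrutil status prints e.g. "System Integrity Protection status: enabled."
sip_state() {
  case "$1" in
    *"status: enabled"*)  echo enabled ;;
    *"status: disabled"*) echo disabled ;;
    *)                    echo unknown ;;
  esac
}

# spctl --status prints "assessments enabled" or "assessments disabled"
gatekeeper_state() {
  case "$1" in
    *"assessments enabled"*)  echo enabled ;;
    *"assessments disabled"*) echo disabled ;;
    *)                        echo unknown ;;
  esac
}

# The com.apple.quarantine attribute has the form flags;hex-timestamp;agent;uuid.
# Return the downloading agent, or "none" if the attribute is absent, which
# means Gatekeeper will not assess the file on first launch.
quarantine_agent() {
  [ -n "$1" ] || { echo none; return; }
  printf '%s\n' "$1" | cut -d';' -f3
}

# Count controls that are not confirmed enabled; prints the count and
# names each weakened control on stderr.
weak_control_count() {
  n=0
  [ "$(sip_state "$1")" = enabled ] || { echo "SIP not enabled" >&2; n=$((n+1)); }
  [ "$(gatekeeper_state "$2")" = enabled ] || { echo "Gatekeeper assessments not enabled" >&2; n=$((n+1)); }
  echo "$n"
}

# Run the real tools when present (macOS); otherwise fall back to the
# constructed samples so the script still runs for illustration elsewhere.
audit_live() {
  if command -v csrutil >/dev/null 2>&1 && command -v spctl >/dev/null 2>&1; then
    sip_out=$(csrutil status 2>/dev/null)
    gk_out=$(spctl --status 2>/dev/null)
  else
    sip_out="System Integrity Protection status: enabled."   # constructed sample
    gk_out="assessments enabled"                             # constructed sample
  fi
  weak_control_count "$sip_out" "$gk_out"
}

# Constructed sample quarantine attribute as written by a browser download.
SAMPLE_QUARANTINE="0083;65a1b2c3;Safari;12345678-ABCD-4EF0-9876-543210FEDCBA"

if [ "${1:-}" = "--run" ]; then
  echo "weakened controls: $(audit_live)"
  echo "sample download agent: $(quarantine_agent "$SAMPLE_QUARANTINE")"
fi
```

Usage: `sh audit_macos.sh --run` on a Mac reports how many of the two checked controls are not enabled; `xattr -p com.apple.quarantine ~/Downloads/file.dmg | quarantine_agent` style checks can confirm that a downloaded file still carries the quarantine flag Gatekeeper relies on. Any non-zero count is a reason to inspect the machine, since the article describes SIP being disabled from Recovery Mode and users being talked into overriding Gatekeeper warnings.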
Kaspersky concludes that “the built-in macOS protection mechanisms are highly resilient and provide excellent security. That said, as with any mature operating system, attackers continue to adapt and search for ways to bypass even the most reliable protective barriers.”
Apple's security recommendations advise users to rely on the built-in protections in combination with third-party security software for complete protection.