Patch Me If You Can by Kandji

Episode 006 - Mac Malware: The Cat & Mouse Game with Patrick Wardle

Written by Kandji Team | July 23, 2025

In this episode of Patch Me If You Can™, Arek Dreyer welcomes Patrick Wardle, a leading figure in macOS security. Patrick, who founded the Objective-See Foundation and the Objective by the Sea security conference, brings years of frontline experience from organizations like NASA and the NSA. He’s also the author of the Art of Mac Malware book series and has created several widely used open-source macOS security tools, giving him a unique perspective on both defending and attacking modern Mac systems.

The discussion centers on the evolving cat-and-mouse dynamic between macOS security and malware authors. Patrick illustrates how Apple’s built-in defenses, such as Gatekeeper and notarization, prompt cybercriminals to constantly adapt their techniques, while Apple in turn tightens protections to keep pace. He highlights the tension between bolstering security and maintaining usability, pointing out how excessive system prompts often lead to “click fatigue,” which can blunt the effectiveness of even the best-designed safeguards. Patrick stresses that while Apple continues to raise the security bar, true protection also depends on user awareness, vigilance, and regular system updates.

Rounding out the conversation, Patrick and Arek touch on the role of user education, the limitations of relying solely on Apple’s built-in defenses, and the need for enterprises to deploy third-party security tools. Patrick shares a compelling example involving Shazam’s persistent microphone access to show why behavior-based detection, not just static malware signatures, is critical. He urges listeners to leave behind outdated beliefs that Macs are immune to threats or that native protections are always sufficient, advocating for a layered approach to security. If given the power to instantly patch one thing, Patrick says he’d love to see only notarized software allowed to run on Macs, a change he believes would significantly improve the platform’s safety.