Rixstep

Xscan: Complete Run with Hacking Exposed

Making sure the foundation is rock-solid.


ALISO VIEJO (Rixstep) — Apple's Unix is relatively secure, but not necessarily out of the box, as the notorious 'Month of Apple Bugs' demonstrated back in 2007.

Going deeper still is the seminal Hacking Exposed by Stu McClure, Joel Scambray, and George Kurtz, formerly of Foundstone. Whilst not denigrating Apple's Rock Solid Foundation™, the authors do point out that even the most secure system can be vulnerable if it's not properly taken care of.

Rixstep's Xscan, primarily a search utility, incorporates a special menu to make it easier for macOS users to find potential weaknesses in their systems, looking at the areas singled out by the above book.

Some of these weaknesses were coincidentally exploited in the Month of Apple Bugs.

Following is a quick demo of Xscan running through the entire gamut of 'Hacking Exposed' search options. The directory /Library was chosen for the sake of brevity. (The entire demo takes but a minute and a half.)

The Searches

Regex (⌘S)
Preliminary. First set the regular expression for the searches. Default is '.' ('dot', 'full stop') for all files.

ACEs (⌘1)
Search for files with access control entries. Access control entries can at times override ordinary file permissions.

Empty File (⌘2)
See Hacking Exposed for a discussion of the dangers here.

Empty Folder (⌘3)
See Hacking Exposed for a discussion of the dangers here.

Extended Attrs (⌘4)
These critters were used in the infamous Oompa Loompa attack.

S/U Flags (⌘5)
System and user flags are additional data governing file permissions.

Multi-linked (⌘6)
That is, files with additional hard links, so the same data is reachable under more than one name.

Set Group ID (⌘7)
A possible route for unwanted privilege escalation.

Set User ID (⌘8)
A possible route for unwanted privilege escalation.

World-writable (⌘9)
World-writable files are a total no-no.
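The same checks can be reproduced outside Xscan with a plain directory walk, which is handy for confirming a finding on another machine or from a script. The following is an added example, not Rixstep's code: it uses only the POSIX stat interface, so it omits the ACE search (ACLs are not visible through stat; on macOS `ls -le` shows them), reports chflags data only where the platform exposes `st_flags` (BSD/macOS), and lists extended attributes only where Python provides `os.listxattr` (Linux builds; on macOS the `xattr` tool shows the same data).

```python
# Added example, not Rixstep code: Xscan-style 'Hacking Exposed' checks.
import os
import re
import stat
import sys
def classify(path, st):
    """Return the Xscan-style findings for one path, given its lstat result."""
    f = []
    mode = st.st_mode
    if stat.S_ISREG(mode) and st.st_size == 0:
        f.append('Empty File')
    if stat.S_ISDIR(mode) and os.access(path, os.R_OK) and not os.listdir(path):
        f.append('Empty Folder')
    try:  # os.listxattr is Linux-only in Python; macOS shows these via xattr(1)
        if os.listxattr(path, follow_symlinks=False):
            f.append('Extended Attrs')
    except (AttributeError, OSError):  # no listxattr, or filesystem lacks xattrs
        pass
    if getattr(st, 'st_flags', 0):  # chflags(1) data; BSD/macOS only
        f.append('S/U Flags')
    if stat.S_ISREG(mode) and st.st_nlink > 1:
        f.append('Multi-linked')
    if mode & stat.S_ISGID:
        f.append('Set Group ID')
    if mode & stat.S_ISUID:
        f.append('Set User ID')
    if mode & stat.S_IWOTH and not stat.S_ISLNK(mode):  # lstat gives 0777 for links
        f.append('World-writable')
    return f

def scan(root, pattern='.'):
    rx = re.compile(pattern)  # same role as Xscan's Regex setting; '.' = all
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):  # never follows symlinks
        for name in dirnames + filenames:
            if not rx.search(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:  # vanished mid-walk: skip it
                continue
            hits = classify(path, st)
            if hits:
                report[path] = hits
    return report

if __name__ == '__main__':
    for p, hits in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else '/Library').items()):
        print(f'{p}: {", ".join(hits)}')
```

On SELinux-labelled Linux hosts nearly every file carries a `security.*` attribute, so the Extended Attrs finding is only meaningful there after filtering that namespace out.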

See Also
Xfile System: Super software
Xscan: Looking for something?
Apple Fun: The Month of Apple Bugs
Industry Watch: Something Else You Don't Get
