
Hacking a Mac 'just works', says researcher

Insecurity, insecurity, insecurity...

Tags: mac, os x

By Robert Vamosi

Published: 14 August 2007 08:39 GMT

Macs are as easy to hack as they are to use, according to security researcher Charles Miller.

Miller and his colleagues at Independent Security Evaluators discovered the first known vulnerability within the Apple iPhone.

During his presentation, 'Hacking Leopard: Tools and techniques for attacking the newest Mac OS X', at the recent Black Hat Briefings, Miller said that, for some reason, Mac OS X ships more than 50 'Suid' root programs.

Suid stands for "set user ID". A program with the set-user-ID bit runs with the privileges of the file's owner rather than those of the user who launched it, which is how an ordinary user is temporarily given root privileges to perform a specific task.

Because these programs run with root privileges, they provide at least one vector for attack.
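The natural defensive check here is to know your own count. The program below is an added example, not code from the article or from Miller's talk: it walks a directory tree with nftw(3), counts regular files carrying the setuid or setgid bit and how many of the setuid ones are owned by root, and prints each hit. The names audit_setuid() and setuid_report are chosen for this example; run it against /usr or / and keep the output as a baseline so new privileged programs stand out.

```c
/* Added example, not from the article: inventory the executables under a
 * directory tree that carry the setuid or setgid bit, using nftw(3), so the
 * count of root-owned setuid programs Miller reported can be reproduced and
 * tracked on your own machine. audit_setuid() and setuid_report are names
 * chosen for this example. */
#define _XOPEN_SOURCE 700
#include <ftw.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct setuid_report {
    int setuid_total;   /* regular files with S_ISUID set              */
    int setuid_root;    /* ... of which owned by uid 0, i.e. run as root */
    int setgid_total;   /* regular files with S_ISGID set              */
};

/* nftw() passes its callback no user pointer, so the running totals are
 * kept in file-scope state for the duration of one walk. */
static struct setuid_report g_report;
static int g_verbose;

static int visit(const char *path, const struct stat *st, int type, struct FTW *ftw)
{
    (void)ftw;
    if (type != FTW_F)      /* regular files only; with FTW_PHYS symlinks arrive as FTW_SL */
        return 0;
    if (st->st_mode & S_ISUID) {
        g_report.setuid_total++;
        if (st->st_uid == 0)
            g_report.setuid_root++;
        if (g_verbose)
            printf("setuid uid=%u %s\n", (unsigned)st->st_uid, path);
    }
    if (st->st_mode & S_ISGID) {
        g_report.setgid_total++;
        if (g_verbose)
            printf("setgid gid=%u %s\n", (unsigned)st->st_gid, path);
    }
    return 0;
}

/* Walk `root` without following symlinks and return the totals;
 * verbose != 0 also prints every hit as it is found. */
struct setuid_report audit_setuid(const char *root, int verbose)
{
    memset(&g_report, 0, sizeof g_report);
    g_verbose = verbose;
    if (nftw(root, visit, 32, FTW_PHYS) != 0)
        perror("nftw");
    return g_report;
}

int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : "/usr";
    struct setuid_report r = audit_setuid(root, 1);
    printf("%s: %d setuid (%d root-owned), %d setgid\n",
           root, r.setuid_total, r.setuid_root, r.setgid_total);
    return 0;
}
```

The root-owned figure is the one that matters for Miller's point: a setuid file owned by an unprivileged account only grants that account's rights, while every root-owned entry is a program whose bugs are worth root.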

Another vector is Safari, which, when opened, also opens several other applications, including: Address Book, BOMArchiveHelper, Dictionary, DiskImageMounter, Finder, Help Viewer, iCal, iChat, iPhoto, iTunes, Keynote, Mail, Preview, QuickTime Player, Script Editor, Sherlock and Terminal.

A flaw in any one of these could easily be exploited over the web, because Apple's operating system doesn't randomise the location of the stack, the heap, the binary image or the dynamic libraries: an attacker would know where in memory these applications are loaded on almost every machine running Mac OS X.
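Whether a given system randomises those four regions is something you can measure rather than take on trust. The program below is an added example, not code from the article: it samples one address from the stack, the heap, the binary image and a dynamic library, re-executes itself as a child process with a marker variable set, and reports which regions came back at the same address. A region that repeats across runs is the fixed layout Miller relied on; one that moves is randomised. layout_snapshot(), layout_unchanged() and the LAYOUT_CHILD variable are names chosen for this example, and the re-exec assumes the program was started by path (for example ./layout).

```c
/* Added example, not from the article: sample one address from each of the
 * regions the text lists (stack, heap, binary image, dynamic library), run a
 * second copy of this program and report which regions landed at the same
 * address both times. layout_snapshot(), layout_unchanged() and the
 * LAYOUT_CHILD variable are names chosen for this example. */
#define _POSIX_C_SOURCE 200809L
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

struct layout { uintmax_t stack, heap, text, lib; };

enum { STACK = 1, HEAP = 2, TEXT = 4, LIB = 8 };

/* One address from each region of the calling process. */
struct layout layout_snapshot(void)
{
    struct layout l;
    int marker;                                        /* automatic: on the stack */
    void *blk = malloc(64);                            /* heap allocation         */
    l.stack = (uintmax_t)(uintptr_t)&marker;
    l.heap  = (uintmax_t)(uintptr_t)blk;
    l.text  = (uintmax_t)(uintptr_t)&layout_snapshot;  /* inside the binary image */
    l.lib   = (uintmax_t)(uintptr_t)&puts;             /* inside the C library    */
    free(blk);
    return l;
}

/* Bitmask of the regions whose addresses are identical in a and b. */
int layout_unchanged(struct layout a, struct layout b)
{
    int m = 0;
    if (a.stack == b.stack) m |= STACK;
    if (a.heap  == b.heap)  m |= HEAP;
    if (a.text  == b.text)  m |= TEXT;
    if (a.lib   == b.lib)   m |= LIB;
    return m;
}

/* Parse the one-line text form the child uses to report its snapshot. */
int layout_parse(const char *s, struct layout *l)
{
    return sscanf(s, "%jx %jx %jx %jx", &l->stack, &l->heap, &l->text, &l->lib) == 4 ? 0 : -1;
}

int main(int argc, char **argv)
{
    (void)argc;
    struct layout mine = layout_snapshot(), child;
    if (getenv("LAYOUT_CHILD")) {                      /* child: print and leave */
        printf("%jx %jx %jx %jx\n", mine.stack, mine.heap, mine.text, mine.lib);
        return 0;
    }
    int fd[2];
    if (pipe(fd) != 0) { perror("pipe"); return 1; }
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return 1; }
    if (pid == 0) {                                    /* re-exec ourselves with the marker set */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]);
        close(fd[1]);
        setenv("LAYOUT_CHILD", "1", 1);
        execv(argv[0], argv);                          /* argv[0] must be a path, e.g. ./layout */
        _exit(127);
    }
    close(fd[1]);
    char line[128];
    FILE *in = fdopen(fd[0], "r");
    int ok = in && fgets(line, sizeof line, in) && layout_parse(line, &child) == 0;
    waitpid(pid, NULL, 0);
    if (!ok) { fprintf(stderr, "no snapshot from child\n"); return 1; }
    int same = layout_unchanged(mine, child);
    printf("stack %s, heap %s, text %s, lib %s\n",
           same & STACK ? "fixed" : "randomised", same & HEAP ? "fixed" : "randomised",
           same & TEXT  ? "fixed" : "randomised", same & LIB  ? "fixed" : "randomised");
    return 0;
}
```

Two runs can coincide by chance on a randomised system, so treat "fixed" as a reason to run it a few more times; a region that is identical on every run is the condition the article describes. The binary-image line only moves when the executable itself is built position-independent, which is a separate toolchain decision from the kernel's randomisation of the stack, heap and libraries.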

Open source is yet another vector for new attacks on Apple Macs.

Miller said that on 31 July Apple did update its version of Samba - but that was the first time in two and a half years, and the latest version still fell short of the current open-source version.

Miller said his formula for finding a zero-day flaw on a Mac is this: "Find an open source package that they use that's out of date - there's, like I said, plenty of those."

He then suggested reading through the change log for the current version of any of the above open source packages to find a usable bug that has been fixed in the newer version but to which Mac OS X users are still exposed.

Miller said by doing this, "you won't have to worry about static analysis or fuzzing or any of that stuff".
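The defender's side of this is an inventory that flags the lag before anyone reads the changelog for you. The program below is an added example, not code from the article: version_cmp() compares dotted version strings such as "3.0.10" and "3.0.25b" (numeric parts numerically, letter suffixes lexically, missing trailing components as zero), and lag_report() runs it over a table of bundled packages against their upstream releases. The function names and the inventory table are constructed for this example; the version numbers in it are placeholders, not a record of what Apple shipped.

```c
/* Added example, not from the article: flag bundled open source packages
 * whose shipped version is behind the current upstream release, so the
 * "out-of-date package" gap Miller describes is caught by the OS owner's own
 * inventory. version_cmp(), lag_report() and the inventory table are
 * constructed for this example; the version numbers are placeholders, not a
 * record of what Apple shipped. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Read one dotted component: numeric prefix plus any letter suffix ("25b"). */
static const char *component(const char *s, long *num, char *suffix, size_t n)
{
    *num = 0;
    while (isdigit((unsigned char)*s))
        *num = *num * 10 + (*s++ - '0');
    size_t i = 0;
    while (*s && *s != '.') {
        if (i + 1 < n) suffix[i++] = *s;
        s++;
    }
    suffix[i] = '\0';
    return *s == '.' ? s + 1 : s;
}

/* strcmp-style comparison of version strings such as "3.0.10" and "3.0.25b":
 * numeric parts compare numerically, suffix letters lexically, and missing
 * trailing components count as 0 ("3.0" == "3.0.0"). */
int version_cmp(const char *a, const char *b)
{
    while (*a || *b) {
        long na, nb;
        char sa[16], sb[16];
        a = component(a, &na, sa, sizeof sa);
        b = component(b, &nb, sb, sizeof sb);
        if (na != nb)
            return na < nb ? -1 : 1;
        int c = strcmp(sa, sb);
        if (c != 0)
            return c < 0 ? -1 : 1;
    }
    return 0;
}

struct package { const char *name, *shipped, *upstream; };

/* Constructed inventory: placeholder versions, not Apple's real ones. */
static const struct package inventory[] = {
    { "samba",   "3.0.10", "3.0.25b" },
    { "openssh", "4.7",    "4.7.0"   },
    { "apache",  "1.3.33", "1.3.39"  },
};
#define INVENTORY_LEN (sizeof inventory / sizeof inventory[0])

/* Number of packages lagging upstream; verbose != 0 prints each one. */
int lag_report(const struct package *pkgs, size_t n, int verbose)
{
    int lagging = 0;
    for (size_t i = 0; i < n; i++) {
        if (version_cmp(pkgs[i].shipped, pkgs[i].upstream) < 0) {
            lagging++;
            if (verbose)
                printf("OUT OF DATE  %-8s shipped %-8s upstream %s\n",
                       pkgs[i].name, pkgs[i].shipped, pkgs[i].upstream);
        }
    }
    return lagging;
}

int main(void)
{
    int n = lag_report(inventory, INVENTORY_LEN, 1);
    printf("%d of %zu packages behind upstream\n", n, INVENTORY_LEN);
    return 0;
}
```

Every package this reports is one whose upstream changelog already describes fixed bugs that the shipped build still carries, which is exactly the shortcut Miller described; closing the version gap removes the shortcut.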

Several attempts to contact Apple for comment on this story went unanswered.

Robert Vamosi writes for CNET News.com
