
Printed from http://www.macnn.com

Mac OS X on the exploit radar

updated 02:55 pm EDT, Wed June 6, 2007

OS X an exploit target

Analysts and security firms are increasingly recognizing Mac OS X as a potential target for exploits, though the actual threat thus far has been virtually non-existent. A security research company released a piece of exploit code targeting a port mapping vulnerability in Mac OS X less than 24 hours after Apple had released a patch for it -- a potential sign that interest in such vulnerabilities is higher than previously assumed.

Rob Enderle, principal analyst for the Enderle Group, told eWeek: "It is very Microsoft. It's something we've grown to expect in Microsoft: The descriptions of patches lead people to write exploits for something that's been patched. It was only a matter of time before that kind of behavior hit [the Mac] platform. People are going after consumers, and they're going after consumers broadly."

One of the things analysts and some security researchers fault Apple for is the lack of a scheduled, regular patch process, as has been enacted by Microsoft in its "Patch Tuesday" mechanism, or Oracle's tri-monthly system. Still, Apple is noted for its responsiveness in patching problems as they arise, despite the lack of regularity.

Analysts also call for the implementation of ASLR (address space layout randomization), a technology that randomizes where code and data are placed in memory, making the addresses an exploit depends on difficult to determine. Microsoft has implemented this functionality in Windows Vista, though some would argue it's not necessary in Mac OS X, and Vista's implementation is far from bulletproof.




by MacNN Staff


Comments

  1. Guest

    Joined: Dec 1969

    0

    Rob Enderle as a source?

    Oh please...

  1. ricardogf

    Joined: Dec 1969

    0

    Ditto...

    ROB ENDERLE as a source in MacNN? Are you guys on crack again?

    Let the FUD games begin...it's just AMAZING. I am still waiting for the first virus in the wild to appear...even with more than 50 MILLION Mac users around the world...

    Please SHUT UP, Enderle...you are just Dvorak's disciple, nothing else.

  1. Deal

    Joined: Dec 1969

    0

    How many times...

    How many times have we heard this? I'll believe it when I see it.

  1. UberFu

    Joined: Dec 1969

    0

    what I like

    is how some "independent" security firm can ALWAYS find an exploit in OS X - left and right - and over and over again - but then a whole freakin' gathering of Hackers have to have the bar lowered in order to win a prize in a contest on exploiting OS X_

    http://news.com.com/2100-7349_3-6178131.html?part=rss&tag=2547-1_3-0-5&subj=news#

    [Rhetorical Question] So is that a financial situation - since "big firms" have bazillions of dollars to do this "research" and the independent hacker community - usually don't have enough cash to move out of mom's house ?

    Interesting.....

  1. UberFu

    Joined: Dec 1969

    0

    one more thing...

    ...to this day since I started using Macs [1984] I have only come across 2 cases of virus' personally_ When I ran a computer lab for 6 years and someone "ignorantly" did something stupid - twice_

    Other than that I deal with PC folk constantly who are always re-installing everything [software and systems] 'cause they keep catching s*** that the Virus Software Companies can't resolve_

    The only reason I've ever re-installed an OS is when there is a new OS or on the rare occasion when I've gone into the system and messed with stuff to learn about it and can't figure out how to undo it_

    Otherwise I've never used or installed Virus Protection Software on a mac in 23 years_

    And none of this "noise" around the internet fazes me in the least_

  1. FastAMX79

    Joined: Dec 1969

    0

    oh boy!!

    Non-Stories are fun!!!!

    Wake me up when this happens in the wild... (not being smug.. just truthful.. i know OS X is NOT as tight as a dolphin's bung-hole, but stories like this are only good for one thing.. FUD.

  1. MacnTX

    Joined: Dec 1969

    0

    Whatever...

    I don't care what Enderle and his gang of FUD peddlers say, I'm not buying AV software for my Macs, and I'm sure as h*** not going to consider Vista...

  1. danviento

    Joined: Dec 1969

    0

    Perhaps

    they bother putting a 3rd rate 3rd party source because they know people will come and see what junk they have to say, if for no other reason than to refute such bogus claims. More eyes means more cash for ads on the site.

    If nothing else, you can bone up on what the trash-talkers would potentially throw down.

  1. lkrupp

    Joined: Dec 1969

    0

    They do have a point...

    While I agree that most of this is FUD and Apple bashing, there is one point to make about this. Mac users are a tad on the smug side and there are probably a large number of unpatched OS X systems out there. The so-called troubleshooting site MacFixit mundanely gives out advice on how to uninstall security updates and replace kext extensions instead of advising people to fix their machines so the updates can be applied properly. On Apple's discussion boards you regularly see individuals refusing to apply a security update because they are afraid something will go wrong. They have been influenced by the constant ranting of know-nothing posters who allege all sorts of nasty problems to security and OS updates.

    I would guess there are many millions of unpatched OS X installations out there ripe for the picking if someone would take the time to attack them.

  1. hokizpokis

    Joined: Dec 1969

    0

    potentialvirus'update NOT

    above posters be warned of the soon to be infamous 'macintosh potential virus' that the above article from that 'PC guru Rob Enderle' is well just 'bad apples' pun intended...

    Yup, just another excuse to pen an article on speculations and fluff; errr.. everyone deserves to eat right?? Except this guy, he don't know when to quit.

    He still doesn't understand why hackers haven't had macs for breakfast yet.

    The reason should be clear and painful to the entire world, but he knows better!!

    Yup, the superior software design otherwise known as OS X, is the trumpeted answer... and don't ever expect this dude to stop 'the sky from falling anyway routine', because where he computes from it's a dismal, dark, & dreary dungeon of mal-software designed from the start to allow all activities of repute to flourish with wild abandon!!

    sorry to point out the obvious... hey I forgive the starving writer types, it's not really their fault that their wives who pen children's books make more hoot than they do waiting for the sky to fall...

    dude get an iPhone and come over to the dark side, ha, ha, ha,

    (errr, blah, blah, blah)
