Macs susceptible to inherent security vulnerability

updated 11:10 am EST, Fri February 20, 2009

Inherent Mac vulnerability


Macs are exposed to a dangerous vulnerability inherent to the structure of the Mac OS, claims a presenter from this week's Black Hat DC security conference. Vincenzo Iozzo, a student from Italy's Politecnico di Milano, says he has pinpointed an attack based on the way Macs allocate memory. In dissecting the Mach-O file format, Iozzo notes that he has been able to learn where application processes will appear in a Mac's memory. A skilled hacker could use the knowledge to insert malicious code into the same space as an active process, like Safari, and force a Mac to run malware.

Though Apple has tried to defend against such an attack by randomizing the location of certain variables, Iozzo observes that the process is not truly random, and that some information in Mac OS X provides clues as to where variables will appear. A successful attack using this technique would be especially serious, it is said, because it would leave no trace once a computer is shut off.

Iozzo suggests that any remedy for the problem will require a major revision of Mac OS X, such as Snow Leopard, though it is not known if Apple is attempting a fix. The likelihood of the memory allocation attack is low according to security researchers such as Dino Dai Zovi, who observes that it requires special effort and would target a platform normally ignored by hackers. Iozzo adds that an attack would be dependent on other vulnerabilities, which could potentially be defeated by normal security updates.


by MacNN Staff

Comments

  1. InfraredAD

    Fresh-Faced Recruit

    Joined: May 2001

    +13

    Useful

    I'm glad there are guys out there like this. It isn't Mac bashing, there's no petty fan boy stuff going on here, it's just pointing out a vulnerability.

    If people understand that Macs aren't completely immune to attack then maybe everyone will have a more realistic picture of the platform we all love to work on.

    Past that it's up to Apple to make a secure OS and up to the user to be educated. Anti-virus software doesn't solve everything.

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    -6

    Re: Useful

    Anti-virus software doesn't solve everything.

    Wait! Are you saying anti-virus software solves something? For the Mac, at least, anti-virus software tends to be the most unstable creatures one could put on their system. But I guess if you want to make sure your computer is not attacked, installing NAV will help that, since it will make the mac so unstable, you'll end up keeping it turned off, and you can't get infected when the mac is off....

  1. Chris Paveglio

    Fresh-Faced Recruit

    Joined: Jul 2002

    +14

    What's the requirement

    Considering the inherent security of OSX, what is the circumstance in which this guy's scenario works? Does the hacker need physical access? Does it come in via email? Does the user have to launch the app themselves?
    He may be right but there are already many roadblocks to hackers. More detail is needed for me to take this as a serious issue.

  1. dliup

    Fresh-Faced Recruit

    Joined: Jan 2006

    +9

    WHAT IF???

    Yes, I could potentially break into fort knox and steal tons of gold. You do that by circumventing security.

    Anything could probably be broken into if you have enough resources. Whether it's worth the resources or if it's possible with finite resources is questionable.

    Vincenzo Iozzo could possibly die a painful death of getting crashed by an airplane falling out of the sky. It's possible but doesn't mean it's likely to happen.

  1. Salty

    Professional Poster

    Joined: Jul 2005

    +3

    Frustrating

    I understand why some blackhats feel this is necessary but really this isn't something Apple can fix with a quick patch. This is basically telling other people hey do what I did and you can find out, and then it's more likely to get exploited. This doesn't actually help security. Especially since not all Macs are going to be able to be upgraded. The question is what else is needed for this exploit to take hold?

  1. MacScientist

    Junior Member

    Joined: Feb 2000

    +9

    Re: What's the requirement

    Chris Paveglio wrote: ... what is the circumstance in which this guy's scenario works? Does the hacker need physical access? Does it come in via email? Does the user have to launch the app themselves. ...

    By my reading, this report if accurate [which is by no means a certainty for MacNN] covers a way that malware might work after it is installed. This is not a new attack vector. The malware that implements the reported technique must still be installed on the system. There is not a hint about how this critical infection step would be accomplished.

  1. Smurfman

    Fresh-Faced Recruit

    Joined: May 2001

    +10

    One impressive thing

    One thing that impressed me, even though this is showing a vulnerability, is that Apple had recognized the potential for this vulnerability (maybe when it was NeXT or at OS X's inception) and took measures to randomize (to some degree) the location of application processes. They didn't do a perfect job of this, if that's possible, but it's impressive to see some measures were taken.

  1. Johnny Niles

    Fresh-Faced Recruit

    Joined: Jun 2007

    +10

    No details?

    The lack of details regarding how this vulnerability is accessed makes this information very nearly useless. For all we know it could require explicit admin access to even get to this vulnerability in the first place, in which case this is no more serious than any trojan. One thing the article does say is:

    "Iozzo adds that an attack would be dependent on other vulnerabilities"

    meaning that even for a skilled hacker, quite a few different things would have to line up for this to even be possible. I agree that knowing about vulnerabilities is good. I disagree that something like this is something anybody actually needs to worry about necessarily, because of the ambiguity of the steps needed to take in order to even get to it.

    Remember all the ballyhoo about that guy who "hacked a Mac in two minutes" to claim a prize? He didn't "hack" the Mac, he had to email his trojan app to a user who was sitting in front of the Mac with an admin password. Then that guy had to enter his admin password - TWICE - before the app would run. Once it ran, THEN it had access to Safari and that vulnerability.

    Again, it required an admin password to get that far. All the FUD about that "hack" was ridiculous. As far as I'm concerned, this is the same thing. The headline of this article says "Macs susceptible". Is it? Is it really? Is this something that can affect Macs in the wild, without needing any sort of permission granted?

    Highly unlikely. Oh, and Dino Zovi is completely full of it when he says the Mac is a platform normally ignored by hackers. That's the same idiotic "security through obscurity" argument that falls apart every time you throw facts at it. If hackers aren't interested, then why do so many of them try to crack the Mac when there's a $10,000 prize involved? And why do all of them fail to hack into the Mac every single time?

    It's not because of obscurity, you bonehead.

  1. b9robot

    Fresh-Faced Recruit

    Joined: Feb 2009

    +7

    OSX has been out 8 Years

    OSX has been out 8 Years. Not one real attack that has compromised any data. I think the Linux boys should stick with their own platform and worry about Linux. Apple is constantly looking at security and how to make it better. That's the way OSX started 8 plus years ago with security first. All of those fake security contests had the users with physical access to the machine with admin rights. That doesn't prove anything. Have them try over a network, and without the admin password.

  1. resuna

    Fresh-Faced Recruit

    Joined: Jan 2005

    +10

    Misleading description

    This is not a "vulnerability of Mac OS X", this is a demonstration that under some circumstances a mechanism Apple uses to prevent a class of attacks that are effective against other operating systems is not perfect.

    Basically, Apple randomizes the addresses of system libraries so that if an application has something like a stack overflow vulnerability, it's harder to exploit. All that this demonstrates is that "harder" and "impossible" are not synonyms. This is not news. :)
