toggle

AAPL Stock: 562.29 ( -3.03 )

MacNN News

Mac OS X 'a lot of fun' to exploit, claims expert

updated 09:35 am EDT, Tue March 17, 2009

Ease of Mac exploits

Mac OS X is remarkably easy to attack, claims a security consultant who presented at the recent SOURCE conference in Boston. Dino Dai Zovi suggests that the heap memory in the OS is badly guarded, making it easy to discover where critical libraries are found. Tied into the vulnerability are said to be flaws in various programs and system components, allowing heap memory to be altered.

A given example is that if a routine does not accurately check string lengths, it can be written to a memory sector too small to hold it, causing overwrites of other data. All that is need is as few as 12 bytes of code to assume control of a Mac, according to Dai Zovi, so long as a string contains executable machine instructions. "Writing exploits for Vista is hard work," the consultant says. "Writing exploits for Mac is a lot of fun."

The situation may be changing however, as Apple has made the iPhone version of Mac OS X immune to the heap attacks. Hacking should become still harder with the arrival of Mac OS X Snow Leopard, which is slated to use a new type of address space randomization, making it harder to locate routines. Apple has identified security as one of the key priorities of Snow Leopard, due for release later this year.

by MacNN Staff

(27)

TAGS :

security, Mac OS X

Share the Article

Facebook Twitter Delious Slash Dot Digg

toggle

Comments

MeandmyMac
Fresh-Faced Recruit

Joined: Feb 2008

+15

03/17, 10:02am | report spam | close Reply |
See...

We Mac users said all along that Mac OS's were easy! Now we got a second opinion! : )

wadesworld
Grizzled Veteran

Joined: Apr 2001

+10

03/17, 10:02am | report spam | close Reply |
Uh no duh...

"A given example is that if a routine does not accurately check string lengths, it can be written to a memory sector too small to hold it, causing overwrites of other data."

Uh, no duh.

Buffer overflows are a problem for every platform, including Windows.

jpellino
Fresh-Faced Recruit

Joined: Oct 1999

+16

03/17, 10:04am | report spam | (1 reply) close Reply |
Uh huh.

Let's see a live demo. No phishing, no user. Show them live how you can pwn a bog standard OSX install from the net with no user interaction and it'll be news.

ludachrs
Fresh-Faced Recruit

Joined: Sep 2005

+15

03/17, 10:25am | report spam | close Reply |
Dino Dai Zovi

talking about writing exploits is fun, writing exploits is hard. lets see him pwn any mac he has no interaction with.

Mr. Strat
Fresh-Faced Recruit

Joined: Jan 2002

+9

03/17, 10:28am | report spam | (1 reply) close Reply |
It's FUD time again!

Next month will mark eight years since OS X was introduced and still no viruses.

C'mon buddy...just go cash your check from Monkey Boy and STFU.

vasic
Fresh-Faced Recruit

Joined: May 2005

+14

03/17, 10:34am | report spam | (1 reply) close Reply |
Having a hard time...

I am struggling to take what Mr. Zovi is saying as truth. Computer exploits are serious and lucrative business. There is a multi-billion dollar underground market for bot nets out there. Since writing malware is a business, one would presume the easiest effort required would probably be the most preferred. If Mac OS X is so easy and fun to exploit, why would anyone want to spend all the time writing a virus for Vista if they could write ten of them for Mac? As we know, Macs are generally owned by more affluent parts of world population. Consequently, they have more reliable, faster connections to the internet. In addition, they are rarely shut down. As such, they provide very strong argument for being commandeered into botnets.

And yet, the world is still waiting for a first Mac botnet.

eldarkus
Fresh-Faced Recruit

Joined: Feb 2004

+5

03/17, 10:37am | report spam | close Reply |
well

I can break into any bank vault in the world.. no problem.

Oh u want proof? well, errr.. uhhh... just trust me.

zehspoon1
Fresh-Faced Recruit

Joined: Mar 2007

+5

03/17, 10:54am | report spam | close Reply |
Ego

It is interesting to see one stroke their own ego. It almost makes me feel sorry for this person.

chas_m
Fresh-Faced Recruit

Joined: Aug 2001

+6

03/17, 11:02am | report spam | close Reply |
Put up or ...

... at least let Apple know what the problem you've "found" is.

I'm all for people testing, poking and prodding Mac OS X to find security vulnerabilities. But if you're not going to act like a "white hat" and give Apple the first head's up, you're an a-hole who should be disregarded at best, pelted with rocks and garbage at worst.

b9robot
Fresh-Faced Recruit

Joined: Feb 2009

+9

03/17, 11:17am | report spam | close Reply |
This guy is Full of it!

8 years and no viruses, spyware, or live, real, breaks anywhere in the world! If it was soooooooo easy it would have already happened long, long, ago. This guy is full of it!
He wouldn't know an exploit from the hole in his head!
Apple has worked very hard from day one on security and has never stopped. Every time we hear about exploits its because of some stupid contest which allows admin rights and physical access to the machine and OS. Never a REAL TEST with no physical access to the machine with no user access. Without real access this guy couldn't touch an OSX machine. That's a proven fact for the last 8 years!

b9robot
Fresh-Faced Recruit

Joined: Feb 2009

+1

03/17, 11:17am | report spam | close Reply |
This guy is Full of it!

8 years and no viruses, spyware, or live, real, breaks anywhere in the world! If it was soooooooo easy it would have already happened long, long, ago. This guy is full of it!
He wouldn't know an exploit from the hole in his head!
Apple has worked very hard from day one on security and has never stopped. Every time we hear about exploits its because of some stupid contest which allows admin rights and physical access to the machine and OS. Never a REAL TEST with no physical access to the machine with no user access. Without real access this guy couldn't touch an OSX machine. That's a proven fact for the last 8 years!

macbroadway
Fresh-Faced Recruit

Joined: Jul 2008

+3

03/17, 11:20am | report spam | close Reply |
Puh.lease

The fact that the statement mentions Windows Vista makes it suspect right off the bat. Makes the whole story sound like it's being told by the PC guy from the Apple commercials.

So, where are exactly are all these exploits that are so fun to write?

The truth is that Mac OS X has shown its strength in 8 years. I support both Macs and PCs and dealing with Windows is nothing short of torturous, since so much time is devoted to fighting viruses, spyware, bots, etc.

monkeymilk
Fresh-Faced Recruit

Joined: Apr 2007

+10

03/17, 11:25am | report spam | (1 reply) close Reply |
Maybe some truth hear

This story got my hackles up too but to be fair Dino is a Mac user and Leopard is his OS of choice, he's far from an M$ flunkie.

He (along with colaborators) also did demonstrate a compromise at the CanSecWest security event in both 2007 and 2008. The last being a fault in Safari that was quickly patched.

Unfortunately the 'journalist' who chose the quotes painted him as a hacking goon where-as really we should applaud him for keeping Apple on their toes.

Without people like this it would be all too easy for Apple to ignore security advances like Address Space Randomidation (not until 10.6) and slide into the B team of OS security.

macaphil
Fresh-Faced Recruit

Joined: Sep 2008

+4

03/17, 11:28am | report spam | close Reply |
Can't ignore

While he sounds like someone to blow off, I can't help but think it is worth investigating by security to see if there is any merit to his argument. Look Lehman Brothers was too big to fail, the stock market couldn't drop 50%, housing has never seen a down year, etc. Just because we haven't seen it happen yet, doesn't mean it isn't possible.

Johnny Niles
Fresh-Faced Recruit

Joined: Jun 2007

+2

03/17, 11:46am | report spam | (1 reply) close Reply |
This guy is a moron

Dino Dai Zavi is the same person who loves to brag about how easy it is to hack a Mac - the part he ALWAYS leaves out is that he can't do it without having the admin password. He can't hack into a Mac from the outside with no admin password. NOBODY can. To this day, not a single person has been able to hack into a Mac without having somebody physically in front of the Mac entering their admin password.

All he is doing is spreading FUD. He is not being responsible and giving out all the details, he's deliberately making it look like he can hack any Mac any time he wants to.

He can't. We all know no OS is perfect, and OS X has its share of flaws. But to get to these flaws in the first place you need an admin password. That's all there is to it. That's the part he leaves out every time he shoots his mouth off about how easy it is to hack OS X.

All you need to do is not allow suspicious programs to run, and you won't have any problems. Hey Dino, did you ever think of that, you half wit blow hard?

testudo
Fresh-Faced Recruit

Joined: Aug 2001

-3

03/17, 01:44pm | report spam | (1 reply) close Reply |
Re: the guy is a ...

All you need to do is not allow suspicious programs to run, and you won't have any problems. Hey Dino, did you ever think of that, you half wit blow hard?

Um, what is a 'suspicious program'? Is that a program that doesn't come from Apple? Is it one that isn't open source? Is it one that has a big pirate logo on it, and named 'Suspicious Program v3.0'?

The truth is people have no clue what software is doing on your computer, what data it could be collecting and sending back to the mothership, or have no idea why it requires an admin password in order to install it, but will give it to it because they figure it must need it.

testudo
Fresh-Faced Recruit

Joined: Aug 2001

-5

03/17, 01:46pm | report spam | close Reply |
admin password

And can someone explain to simple mac users why an admin password is needed to restore or update the software on an iPod?

lantzn
Fresh-Faced Recruit

Joined: Mar 2009

+2

03/17, 02:13pm | report spam | close Reply |
He's love his Macs

The man actually loves his Macs. You'll also find out that none of the vulnerabilities have ended up in the wild.

http://daringfireball.net/2007/04/interviewdinodai_zovi

resuna
Fresh-Faced Recruit

Joined: Jan 2005

+1

03/18, 03:24pm | report spam | close Reply |
Surface area for attack

You don't need a buffer overflow to attack Vista, Internet Explorer has a whole API (ActiveX) for virus installation!

Tack
Fresh-Faced Recruit

Joined: Jun 2006

+1

03/18, 05:20pm | report spam | close Reply |
Evidence of Hackage?

http://www.theregister.co.uk/2006/03/09/machackingchallenge/

Two contests were run. The first contest ran 30 minutes before the mac was hacked. Contestants were given unprivileged user accounts on the machine. Conclusion: A user with an unprivileged account can gain a privileged account on Mac OS X. That's a problem.

The other contest (a response to the first being "too easy") ran 38 hours before the plug was pulled by the university. The machine was not compomised. There were two accounts on this machine, and neither was given to the contestants. Tentative conclusion: If you don't have a local account, a mac is hard to hack. That's good.

fubar_this
Fresh-Faced Recruit

Joined: Jul 2006

0

03/22, 05:29pm | report spam | close Reply |
Market share is king

Most malware these days is not self spreading, including Windows malware. Browser vulnerabilities are the most popular means of spreading, including on Windows. So people on here saying "no viruses means Mac OS X is safe" need to get a clue. Viruses are so 2004. There hasn't been a self spreading virus on Windows since 2005 (SQLSlammer). Using vulnerabilities in the browser and other Internet enabled programs to spread are what's hot right now. Almost all malware on a PC spreads because somebody downloads it (knowingly or not) by visiting a Web site--sometimes a known good Web site like the Dolphin stadium Web site (which was hacked in 2007 just before the Superbowl, and it infected over 200,000 people when they simply visited the Web site using a vuln in Internet Explorer).

Second, there have been plenty of vulnerabilities for Mac OS X. In fact QuickTime had more vulnerabilities in it in 2006 and 2007 than Windows did. And people did write exploits for them�on Windows. The MySpace/QuickTime worm was the biggest malware outbreak of 2006, and the same vulnerability affected Mac OS X but nobody wrote an exploit for it on Mac OS X, only Windows.

Why? Market share. That malware infected 25 million people in 2 weeks. Apple estimates there's only 30 million Mac customers--it's a no brainer. Vulnerabilities are a business. When you take into account how much work it is to find a Mac developer, find some way of distributing the malware to targeted Mac customers (via emails, phishing, whatever) then it's not worth it.

Even Vista's market share eclipses Mac OS X's. There's about 40 million Vista customers, which by Windows standards makes it a ho-hum seller. But by Mac OS X sales standards, it's a blockbuster.

Show More Comments

Login Here

toggle

Network Headlines

05/26	Apple updates iOS 5.1.1 release for...
05/25	Sotheby to auction Jobs Atari memo,...
05/25	Apple hiring new chip engineers for...
05/25	Third-gen iPad coming to Philippines...
05/25	Apple to integrate Baidu search into...

Show All

05/25	Sotheby to auction Jobs Atari memo,...
05/25	Apple to integrate Baidu search into...
05/25	Google picks up webOS Enyo team, Open...
05/24	Apple submits surprise optical stylus...
05/24	Yahoo releases Axis 'visual search'...

Show All

05/25	Sotheby to auction Jobs Atari memo,...
05/23	Google launches redesigned Search app...
05/22	Leaked next-gen iPod touch part hints...
05/22	Hulu Plus updates with iPad Retina...
05/22	TiVo Stream to push TV to iPhones,...

Show All

03/02	Save $330 on refurb. 15.4-inch, 2.4GHz...
03/01	Pre-owned 8GB iPod touch 2G, drops...
02/29	$150 off Nikon Coolpix S80 Compact...
02/28	Plantronics BackBeat 903 Bluetooth...
02/27	Refurb. Seagate 1.5TB GoFlex Portable...

Show All

toggle

Mac OS X 'a lot of fun' to exploit, claims expert

updated 09:35 am EDT, Tue March 17, 2009

Ease of Mac exploits

See...

Uh no duh...

Uh huh.

Dino Dai Zovi

It's FUD time again!

Having a hard time...

well

Ego

Put up or ...

This guy is Full of it!

This guy is Full of it!

Puh.lease

Maybe some truth hear

Can't ignore

This guy is a moron

Re: the guy is a ...

admin password

He's love his Macs

Surface area for attack

Evidence of Hackage?

Market share is king

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

10 Most Read

10 Most Discussed

MacNN Marketplace

Mac OS X 'a lot of fun' to exploit, claims expert

updated 09:35 am EDT, Tue March 17, 2009

Ease of Mac exploits

Related Articles

Recent Articles

See...

Uh no duh...

Uh huh.

Dino Dai Zovi

It's FUD time again!

Having a hard time...

well

Ego

Put up or ...

This guy is Full of it!

This guy is Full of it!

Puh.lease

Maybe some truth hear

Can't ignore

This guy is a moron

Re: the guy is a ...

admin password

He's love his Macs

Surface area for attack

Evidence of Hackage?

Market share is king

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

10 Most Read

10 Most Discussed

MacNN Marketplace