Mac OS X 'a lot of fun' to exploit, claims expert

updated 09:35 am EDT, Tue March 17, 2009

Ease of Mac exploits

Mac OS X is remarkably easy to attack, claims a security consultant who presented at the recent SOURCE conference in Boston. Dino Dai Zovi suggests that the heap memory in the OS is badly guarded, making it easy to discover where critical libraries are found. Tied into the vulnerability are said to be flaws in various programs and system components, allowing heap memory to be altered.

A given example is that if a routine does not accurately check string lengths, it can be written to a memory sector too small to hold it, causing overwrites of other data. All that is needed is as few as 12 bytes of code to assume control of a Mac, according to Dai Zovi, so long as a string contains executable machine instructions. "Writing exploits for Vista is hard work," the consultant says. "Writing exploits for Mac is a lot of fun."
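The unchecked-length overwrite described above, as an added illustration (not code from the article or from Dai Zovi's talk): a 16-byte array stands in for two adjacent 8-byte heap chunks, so the effect on the neighbouring data can be observed without touching real allocator memory. All function and constant names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: one 16-byte array stands in for two adjacent 8-byte
   heap chunks, so the overwrite stays inside memory this program owns. */
enum { CHUNK = 8, HEAP_SIZE = 16 };

/* Chunk 0 is the string buffer; chunk 1 holds unrelated data. */
void heap_init(unsigned char *heap) {
    memset(heap, 0, HEAP_SIZE);
    memcpy(heap + CHUNK, "SECRET", 7);
}

/* Flawed routine: copies the string without comparing its length to CHUNK.
   The HEAP_SIZE guard only keeps the demonstration inside the model. */
int store_unchecked(unsigned char *heap, const char *input) {
    size_t n = strlen(input) + 1;          /* include the terminator */
    if (n > HEAP_SIZE) return -1;
    memcpy(heap, input, n);
    return 0;
}

/* Corrected routine: rejects anything that does not fit in the chunk. */
int store_checked(unsigned char *heap, const char *input) {
    size_t n = strlen(input) + 1;
    if (n > CHUNK) return -1;
    memcpy(heap, input, n);
    return 0;
}

/* 1 if the neighbouring chunk still holds its original contents. */
int neighbor_intact(const unsigned char *heap) {
    return memcmp(heap + CHUNK, "SECRET", 7) == 0;
}

int main(void) {
    unsigned char heap[HEAP_SIZE];
    const char *input = "AAAAAAAAAAAA";    /* 12 characters, chunk holds 7 */

    heap_init(heap);
    store_unchecked(heap, input);
    printf("unchecked: neighbor intact = %d\n", neighbor_intact(heap));

    heap_init(heap);
    int rc = store_checked(heap, input);
    printf("checked:   rc = %d, neighbor intact = %d\n", rc, neighbor_intact(heap));
    return 0;
}
```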

The situation may be changing, however, as Apple has made the iPhone version of Mac OS X immune to the heap attacks. Hacking should become still harder with the arrival of Mac OS X Snow Leopard, which is slated to use a new type of address space randomization, making it harder to locate routines. Apple has identified security as one of the key priorities of Snow Leopard, due for release later this year.

by MacNN Staff




  1. MeandmyMac

    Joined: Dec 1969



    We Mac users said all along that Mac OS's were easy! Now we got a second opinion! : )

  1. wadesworld

    Joined: Dec 1969


    Uh no duh...

    "A given example is that if a routine does not accurately check string lengths, it can be written to a memory sector too small to hold it, causing overwrites of other data."

    Uh, no duh.

    Buffer overflows are a problem for every platform, including Windows.

  1. jpellino

    Joined: Dec 1969


    Uh huh.

    Let's see a live demo. No phishing, no user. Show them live how you can pwn a bog standard OSX install from the net with no user interaction and it'll be news.

  1. ludachrs

    Joined: Dec 1969


    Dino Dai Zovi

    talking about writing exploits is fun, writing exploits is hard. let's see him pwn any mac he has no interaction with.

  1. Mr. Strat

    Joined: Dec 1969


    It's FUD time again!

    Next month will mark eight years since OS X was introduced and still no viruses.

    C'mon buddy...just go cash your check from Monkey Boy and STFU.

  1. vasic

    Joined: Dec 1969


    Having a hard time...

    I am struggling to take what Mr. Zovi is saying as truth. Computer exploits are serious and lucrative business. There is a multi-billion dollar underground market for bot nets out there. Since writing malware is a business, one would presume the easiest effort required would probably be the most preferred. If Mac OS X is so easy and fun to exploit, why would anyone want to spend all the time writing a virus for Vista if they could write ten of them for Mac? As we know, Macs are generally owned by more affluent parts of world population. Consequently, they have more reliable, faster connections to the internet. In addition, they are rarely shut down. As such, they provide very strong argument for being commandeered into botnets.

    And yet, the world is still waiting for a first Mac botnet.

  1. eldarkus

    Joined: Dec 1969



    I can break into any bank vault in the world.. no problem.

    Oh u want proof? well, errr.. uhhh... just trust me.

  1. zehspoon1

    Joined: Dec 1969



    It is interesting to see one stroke their own ego. It almost makes me feel sorry for this person.

  1. chas_m



    Put up or ...

    ... at least let Apple know what the problem you've "found" is.

    I'm all for people testing, poking and prodding Mac OS X to find security vulnerabilities. But if you're not going to act like a "white hat" and give Apple the first heads-up, you're an a-hole who should be disregarded at best, pelted with rocks and garbage at worst.

  1. b9robot

    Joined: Dec 1969


    This guy is Full of it!

    8 years and no viruses, spyware, or live, real, breaks anywhere in the world! If it was soooooooo easy it would have already happened long, long, ago. This guy is full of it!
    He wouldn't know an exploit from the hole in his head!
    Apple has worked very hard from day one on security and has never stopped. Every time we hear about exploits it's because of some stupid contest which allows admin rights and physical access to the machine and OS. Never a REAL TEST with no physical access to the machine with no user access. Without real access this guy couldn't touch an OSX machine. That's a proven fact for the last 8 years!
