updated 09:35 am EDT, Tue March 17, 2009
Ease of Mac exploits
Mac OS X is remarkably easy to attack, claims a security consultant who presented at the recent SOURCE conference in Boston. Dino Dai Zovi suggests that heap memory in the OS is badly guarded, making it easy to discover where critical libraries are located. Tied to this weakness are said to be flaws in various programs and system components that allow heap memory to be altered.
One example given is a routine that does not accurately check string lengths: a string can be written to a memory region too small to hold it, overwriting other data. As few as 12 bytes of code are all that is needed to assume control of a Mac, according to Dai Zovi, so long as the string contains executable machine instructions. "Writing exploits for Vista is hard work," the consultant says. "Writing exploits for Mac is a lot of fun."
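The missing length check described above, shown beside a checked version, as an added example that is not code from the talk or from Apple. The function names, the 16-byte capacity and the flat array standing in for two adjacent heap allocations are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16   /* space the routine actually owns */
#define ARENA_SZ 64   /* constructed stand-in for a heap region */
#define MARK "NEIGHBOR-DATA"

/* One flat array models two adjacent heap allocations, so crossing the
   logical boundary at NAME_CAP stays inside a single C object. */
static void arena_init(unsigned char *a) {
    memset(a, 0, ARENA_SZ);
    memcpy(a + NAME_CAP, MARK, sizeof MARK);
}

static int neighbor_intact(const unsigned char *a) {
    return memcmp(a + NAME_CAP, MARK, sizeof MARK) == 0;
}

/* Flawed: the length comes from the input and is never compared to NAME_CAP. */
static void store_name_unchecked(unsigned char *a, const char *s) {
    size_t n = strlen(s) + 1;
    if (n > ARENA_SZ) n = ARENA_SZ;  /* clamp only so the demo stays defined */
    memcpy(a, s, n);
}

/* Hardened: measure at most NAME_CAP bytes, reject what cannot fit with its NUL. */
static int store_name_checked(unsigned char *a, const char *s) {
    size_t n = 0;
    while (n < NAME_CAP && s[n] != '\0') n++;
    if (n == NAME_CAP) return -1;
    memcpy(a, s, n + 1);
    return 0;
}

int main(void) {
    const char *input = "a-string-longer-than-sixteen-bytes"; /* constructed */
    unsigned char arena[ARENA_SZ];
    int rc;

    arena_init(arena);
    store_name_unchecked(arena, input);
    printf("unchecked: neighbor intact = %d\n", neighbor_intact(arena));

    arena_init(arena);
    rc = store_name_checked(arena, input);
    printf("checked: rc = %d, neighbor intact = %d\n", rc, neighbor_intact(arena));
    return 0;
}
```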
The situation may be changing, however, as Apple has made the iPhone version of Mac OS X immune to the heap attacks. Hacking should become still harder with the arrival of Mac OS X Snow Leopard, which is slated to use a new type of address space randomization, making it harder to locate routines. Apple has identified security as one of the key priorities of Snow Leopard, due for release later this year.