toggle

AAPL Stock: 104.83 ( + 1.84 )

Printed from http://www.macnn.com

Mac OS X 'a lot of fun' to exploit, claims expert

updated 09:35 am EDT, Tue March 17, 2009

Ease of Mac exploits

Mac OS X is remarkably easy to attack, claims a security consultant who presented at the recent SOURCE conference in Boston. Dino Dai Zovi suggests that the heap memory in the OS is badly guarded, making it easy to discover where critical libraries are found. Tied into the vulnerability are said to be flaws in various programs and system components, allowing heap memory to be altered.

A given example is that if a routine does not accurately check string lengths, it can be written to a memory sector too small to hold it, causing overwrites of other data. All that is need is as few as 12 bytes of code to assume control of a Mac, according to Dai Zovi, so long as a string contains executable machine instructions. "Writing exploits for Vista is hard work," the consultant says. "Writing exploits for Mac is a lot of fun."

The situation may be changing however, as Apple has made the iPhone version of Mac OS X immune to the heap attacks. Hacking should become still harder with the arrival of Mac OS X Snow Leopard, which is slated to use a new type of address space randomization, making it harder to locate routines. Apple has identified security as one of the key priorities of Snow Leopard, due for release later this year.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. MeandmyMac

    Joined: Dec 1969

    +15

    See...

    We Mac users said all along that Mac OS's were easy! Now we got a second opinion! : )

  1. wadesworld

    Joined: Dec 1969

    +10

    Uh no duh...

    "A given example is that if a routine does not accurately check string lengths, it can be written to a memory sector too small to hold it, causing overwrites of other data."

    Uh, no duh.

    Buffer overflows are a problem for every platform, including Windows.

  1. jpellino

    Joined: Dec 1969

    +16

    Uh huh.

    Let's see a live demo. No phishing, no user. Show them live how you can pwn a bog standard OSX install from the net with no user interaction and it'll be news.

  1. ludachrs

    Joined: Dec 1969

    +15

    Dino Dai Zovi

    talking about writing exploits is fun, writing exploits is hard. lets see him pwn any mac he has no interaction with.

  1. Mr. Strat

    Joined: Dec 1969

    +9

    It's FUD time again!

    Next month will mark eight years since OS X was introduced and still no viruses.

    C'mon buddy...just go cash your check from Monkey Boy and STFU.

  1. vasic

    Joined: Dec 1969

    +14

    Having a hard time...

    I am struggling to take what Mr. Zovi is saying as truth. Computer exploits are serious and lucrative business. There is a multi-billion dollar underground market for bot nets out there. Since writing malware is a business, one would presume the easiest effort required would probably be the most preferred. If Mac OS X is so easy and fun to exploit, why would anyone want to spend all the time writing a virus for Vista if they could write ten of them for Mac? As we know, Macs are generally owned by more affluent parts of world population. Consequently, they have more reliable, faster connections to the internet. In addition, they are rarely shut down. As such, they provide very strong argument for being commandeered into botnets.

    And yet, the world is still waiting for a first Mac botnet.

  1. eldarkus

    Joined: Dec 1969

    +5

    well

    I can break into any bank vault in the world.. no problem.

    Oh u want proof? well, errr.. uhhh... just trust me.

  1. zehspoon1

    Joined: Dec 1969

    +5

    Ego

    It is interesting to see one stroke their own ego. It almost makes me feel sorry for this person.

  1. chas_m

    Joined:

    +6

    Put up or ...

    ... at least let Apple know what the problem you've "found" is.

    I'm all for people testing, poking and prodding Mac OS X to find security vulnerabilities. But if you're not going to act like a "white hat" and give Apple the first head's up, you're an a-hole who should be disregarded at best, pelted with rocks and garbage at worst.

  1. b9robot

    Joined: Dec 1969

    +9

    This guy is Full of it!

    8 years and no viruses, spyware, or live, real, breaks anywhere in the world! If it was soooooooo easy it would have already happened long, long, ago. This guy is full of it!
    He wouldn't know an exploit from the hole in his head!
    Apple has worked very hard from day one on security and has never stopped. Every time we hear about exploits its because of some stupid contest which allows admin rights and physical access to the machine and OS. Never a REAL TEST with no physical access to the machine with no user access. Without real access this guy couldn't touch an OSX machine. That's a proven fact for the last 8 years!

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this ...

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround-sound home theater options, users hav ...

Adesso Compagno X Bluetooth keyboard

The shift from typing on physical keyboards to digital versions on smartphones and tablets hasn't been an easy for many consumers. Fr ...

toggle

Most Commented