
Re: None

Tuesday, 08/14/2007 12:11:28 PM

Hacking a Mac 'just works', says researcher
Insecurity, insecurity, insecurity...

http://software.silicon.com/security/0,39024655,39168138,00.htm

By Robert Vamosi

Published: Tuesday 14 August 2007

Macs are as easy to hack as they are to use, according to security researcher Charles Miller.

Miller and his colleagues at Independent Security Evaluators discovered the first known vulnerability within the Apple iPhone.

During his presentation, 'Hacking Leopard: Tools and techniques for attacking the newest Mac OS X', at the recent Black Hat Briefings, Miller said that for some reason the Mac OS has 50-plus 'Suid' root programs.

Suid stands for "set user ID": a program with this bit set runs with the privileges of the file's owner, here root, rather than those of the user who launched it, temporarily elevating privileges to perform a specific task.

Given the root access provided by these tools, they provide at least one vector for attack.

Another vector is Safari, which when opened also opens several applications including: Address Book, BOMArchiveHelper, Dictionary, DiskImageMounter, Finder, Help Viewer, iCal, iChat, iPhoto, iTunes, Keynote, Mail, Preview, QuickTime Player, Script Editor, Sherlock and Terminal.

A flaw in any one of these could be easily exploited over the web. That's because Apple's operating system doesn't randomise the location of the stack, the heap, the binary image or the dynamic libraries, meaning an attacker would know where in memory these applications are loaded on almost every machine running Mac OS X.

Open source is yet another vector for new attacks on Apple Macs.

Miller said that on 31 July Apple did update its version of Samba - but that was the first time in two and a half years, and the latest version still fell short of the current open-source version.

Miller said his formula for finding a zero-day flaw on a Mac is this: "Find an open source package that they use that's out of date - there's, like I said, plenty of those."

He then suggested reading through the change log for the current version of any of the above open source software to find a usable bug that has been fixed in the newer version but still leaves Mac OS X users vulnerable.

Miller said by doing this, "you won't have to worry about static analysis or fuzzing or any of that stuff".

Several attempts to contact Apple for comment on this story went unanswered.
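
For administrators who want to know how many setuid programs their own systems carry, the count the article attributes to Miller can be turned into a routine audit. The following is an added example, not code from the article or from Miller's talk: it lists setuid files owned by a given user and compares them with an approved baseline. The function names, the baseline set and the sample file names are assumptions made for illustration.

```python
import os
import stat
import tempfile

def find_setuid(root, owner_uid=0):
    """Return {path: mode} for regular files under root that have the setuid
    bit set and are owned by owner_uid (0 = root)."""
    found = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # unreadable or vanished entry
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                found[path] = stat.S_IMODE(st.st_mode)
    return found

def audit(found, baseline):
    """Compare a scan against an approved baseline (a set of paths)."""
    return {
        "unapproved": sorted(p for p in found if p not in baseline),
        "missing": sorted(p for p in baseline if p not in found),
        # A setuid file that group or others can write to lets them replace
        # the code that runs with the owner's privileges.
        "writable": sorted(p for p, m in found.items()
                           if m & (stat.S_IWGRP | stat.S_IWOTH)),
    }

def demo():
    """Constructed sample tree. The files belong to the current user, so the
    scan uses owner_uid=os.getuid() instead of 0 (root)."""
    with tempfile.TemporaryDirectory() as d:
        modes = {"helper": 0o4755, "newtool": 0o4775, "plain": 0o755}
        for name, mode in modes.items():
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        found = find_setuid(d, owner_uid=os.getuid())
        report = audit(found, baseline={os.path.join(d, "helper")})
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}

if __name__ == "__main__":
    print(demo())
```

On a real system, run `find_setuid("/")` with root privileges and keep the approved baseline under change control so that every new setuid-root file is reviewed.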
