Fast Company

Black Hat Hacker Reveals Your Mac's Not as Safe as You Think

Just yesterday we learned of the iPhone's security issues, and today another Apple security flaw has been outed. According to a hacker there's a simple weakness in OS X that can give a malicious coder complete control of a Mac.

Dangerous MacsThe chap concerned is Dino Dai Zovi, more expert Mac coder and researcher than evil hacker, of course, and he's presented his findings at the Black Hat conference on computer security at Las Vegas. Zovi has uncovered a serious flaw in OS X. At the core of the hack is a short code script that would give a hacker access to a Mac's memory. Through this it's possible to gain root access to the machine, and subsequently a remote TCP connection is setup. That then would allow someone to gain access to your personal data, attack the machine, execute files, or quietly monitor Safari to sniff your attempts to access your bank details online.

This, indeed, sounds like scary stuff. But it carries extra weight because Macs are traditionally imagined to be more immune to viruses and hacks than PCs--it's one big part of the Macs vs PCs fight. Apple even parodies this in its Microsoft-bashing ad campaign. In reality, of course, nearly every computer of every type, irrespective of its OS, is open to attack unless it employs an air-gap firewall--if it's not connected to anything else over any sort of network...even then it's still possible to snoop on the machine using other methods.

Mac users perception that their machines are virus proof is at odds with reality, and is borne of the fact that Macs had such a small market share that they weren't often targeted by hackers. But as Zovi's work demonstrates--your Mac is vulnerable too. Lets hope Apple reacts swiftly to this with a patch.

[via DailyTech]

Related Stories:
Your iPhone Could Kill Cellphone Towers, Steal Your Identity
Hacking the iPhone
Fear of a Black Hat

Add New Comment

7 Comments

  • Justinds89

    @ Kit Eaton

    I also have not had a single virus in 2+ years on a PC so your statement is irrelevant. Are there less viruses on Macs? Of course because of the low market share not because their invincible. Although you can easily avoid viruses on a PC with just some simple safe browsing habits.

    Also to do with your screen of death statement. I find it funny do to I have had none. But I have seen a lot of home users who do get a blue screen of death while working at a computer repair business. Usually these are due to driver issues or failing hardware. Which rather you have a Mac or not doesn't matter here. Mac is just an operating system and hardware failure still occurs with both.

  • Kit Eaton

    @Tinu... have to agree with the "we do have fewer problems" point, in many different aspects--in five years of Mac ownership I must've seen just two grey-screen-of-deaths, and not had a single virus.
    @Eric. There wasn't much detail available at the time... but you can be sure you'll hear more of it from Apple if it's as serious a loophole as it sounds.

  • eric martinson

    I agree with Tinu on this one... there isn't a computing platform on the planet that isn't hackable. And the SMS flaw they found happens on a bunch of platforms, including Windows mobile and Symbian (which has a much higher rate of adoption than all others combined).

    The only problem I have with this article is the fact that there's no detail AT ALL. Exactly, how is this exploit executed? Is it a similar to the almost-academic-exercises of rootkits and warez? Can you get this over the web with a web browser? That would help people make a real decision as to what to think about it.

  • eric martinson

    I agree with Tinu on this one... there isn't a computing platform on the planet that isn't hackable. And the SMS flaw they found happens on a bunch of platforms, including Windows mobile and Symbian (which has a much higher rate of adoption than all others combined).

    The only problem I have with this article is the fact that there's no detail AT ALL. Exactly, how is this exploit executed? Is it a similar to the almost-academic-exercises of rootkits and warez? Can you get this over the web with a web browser? That would help people make a real decision as to what to think about it.

  • Tinu Abayomi-Paul

    I believe the smugness of the Mac user in this department to be a myth. I have a Mac now after years of not only being a PC user, but five years of supporting PCs. And I don't believe my computer is impenetrable now that I have a Mac, nor do I know any Mac user who truly believes that.

    Yeah, in actual fact, we do experience fewer problems - I use Windows on my Mac and it runs better on the Mac than it ever did on my PC, so I feel like I have the best of both worlds.

    So that it's vulnerable to hacking is not a surprise, at all. And while I'm an atypical user, I don't know a single Mac user who thinks that ANY computer is immune from hacking. Yes, many of us feel safER, because that's what we're experiencing - but I don't know anyone thick enough to truly believe the Mac, or any computer or any operating system can't be conquered.

  • eric martinson

    I agree with Tinu on this one... there isn't a computing platform on the planet that isn't hackable. And the SMS flaw they found happens on a bunch of platforms, including Windows mobile and Symbian (which has a much higher rate of adoption than all others combined).

    The only problem I have with this article is the fact that there's no detail AT ALL. Exactly, how is this exploit executed? Is it a similar to the almost-academic-exercises of rootkits and warez? Can you get this over the web with a web browser? That would help people make a real decision as to what to think about it.