Just yesterday we learned of the iPhone's security issues, and today another Apple security flaw has been outed. According to a hacker there's a simple weakness in OS X that can give a malicious coder complete control of a Mac.
The chap concerned is Dino Dai Zovi, more expert Mac coder and researcher than evil hacker, of course, and he's presented his findings at the Black Hat conference on computer security at Las Vegas. Zovi has uncovered a serious flaw in OS X. At the core of the hack is a short code script that would give a hacker access to a Mac's memory. Through this it's possible to gain root access to the machine, and subsequently a remote TCP connection is setup. That then would allow someone to gain access to your personal data, attack the machine, execute files, or quietly monitor Safari to sniff your attempts to access your bank details online.
This, indeed, sounds like scary stuff. But it carries extra weight because Macs are traditionally imagined to be more immune to viruses and hacks than PCs--it's one big part of the Macs vs PCs fight. Apple even parodies this in its Microsoft-bashing ad campaign. In reality, of course, nearly every computer of every type, irrespective of its OS, is open to attack unless it employs an air-gap firewall--if it's not connected to anything else over any sort of network...even then it's still possible to snoop on the machine using other methods.
Mac users perception that their machines are virus proof is at odds with reality, and is borne of the fact that Macs had such a small market share that they weren't often targeted by hackers. But as Zovi's work demonstrates--your Mac is vulnerable too. Lets hope Apple reacts swiftly to this with a patch.
[via DailyTech]
Related Stories:
Your iPhone Could Kill Cellphone Towers, Steal Your Identity
Hacking the iPhone
Fear of a Black Hat
Related Stories: | Topics:Innovation, Technology, Ethonomics, Mac Security, Apple. Mac, Black Hat, exploit, Dino Dai Zovi, memory, microsoft, Apple iPhone, Apple Inc., Consumer Electronics, Smartphones, Cellular Phones |
Email
Digg
StumbleUpon
Facebook
Buzz Up!
LinkedIn
Recent Comments | 6 Total
July 30, 2009 at 5:05pm by Tinu Abayomi-Paul
I believe the smugness of the Mac user in this department to be a myth. I have a Mac now after years of not only being a PC user, but five years of supporting PCs. And I don't believe my computer is impenetrable now that I have a Mac, nor do I know any Mac user who truly believes that.
Yeah, in actual fact, we do experience fewer problems - I use Windows on my Mac and it runs better on the Mac than it ever did on my PC, so I feel like I have the best of both worlds.
So that it's vulnerable to hacking is not a surprise, at all. And while I'm an atypical user, I don't know a single Mac user who thinks that ANY computer is immune from hacking. Yes, many of us feel safER, because that's what we're experiencing - but I don't know anyone thick enough to truly believe the Mac, or any computer or any operating system can't be conquered.
July 30, 2009 at 6:22pm by eric martinson
I agree with Tinu on this one... there isn't a computing platform on the planet that isn't hackable. And the SMS flaw they found happens on a bunch of platforms, including Windows mobile and Symbian (which has a much higher rate of adoption than all others combined).
The only problem I have with this article is the fact that there's no detail AT ALL. Exactly, how is this exploit executed? Is it a similar to the almost-academic-exercises of rootkits and warez? Can you get this over the web with a web browser? That would help people make a real decision as to what to think about it.
July 30, 2009 at 6:23pm by eric martinson
I agree with Tinu on this one... there isn't a computing platform on the planet that isn't hackable. And the SMS flaw they found happens on a bunch of platforms, including Windows mobile and Symbian (which has a much higher rate of adoption than all others combined).
The only problem I have with this article is the fact that there's no detail AT ALL. Exactly, how is this exploit executed? Is it a similar to the almost-academic-exercises of rootkits and warez? Can you get this over the web with a web browser? That would help people make a real decision as to what to think about it.
July 31, 2009 at 5:38am by Kit Eaton
@Tinu... have to agree with the "we do have fewer problems" point, in many different aspects--in five years of Mac ownership I must've seen just two grey-screen-of-deaths, and not had a single virus.
@Eric. There wasn't much detail available at the time... but you can be sure you'll hear more of it from Apple if it's as serious a loophole as it sounds.
July 31, 2009 at 6:00am by Cristina Karalis
--
Cristina Karalis
September 19, 2009 at 11:37pm by George Bush
Tinu - Pfft. Clearly you've never spoken to a Macfag. I've talk to so many and they'd always ALWAYS make false claims, such as "there are no viruses for Mac OS X" (300, ten times as many viruses as Linux, and boy, they can hit hard. And there's even more spyware.) to "Mac is unhackable" (Except in every single case where it was hacked, including every hacking competition where it was supposed to withstand attacks, it and Windows crumpled easily, Linux withstood.)
They also make other BS claims not related to security, like "the price of Macs is justified because the hardware is high quality" or basically everything Apple came up with in the Mac vs. PC ads. Those are Windows problems, not PC problems.