Just yesterday we learned of the iPhone’s security issues, and today another Apple security flaw has been outed. According to a hacker there’s a simple weakness in OS X that can give a malicious coder complete control of a Mac.
The chap concerned is Dino Dai Zovi, more expert Mac coder and researcher than evil hacker, of course, and he’s presented his findings at the Black Hat conference on computer security at Las Vegas. Zovi has uncovered a serious flaw in OS X. At the core of the hack is a short code script that would give a hacker access to a Mac’s memory. Through this it’s possible to gain root access to the machine, and subsequently a remote TCP connection is setup. That then would allow someone to gain access to your personal data, attack the machine, execute files, or quietly monitor Safari to sniff your attempts to access your bank details online.
This, indeed, sounds like scary stuff. But it carries extra weight because Macs are traditionally imagined to be more immune to viruses and hacks than PCs–it’s one big part of the Macs vs PCs fight. Apple even parodies this in its Microsoft-bashing ad campaign. In reality, of course, nearly every computer of every type, irrespective of its OS, is open to attack unless it employs an air-gap firewall–if it’s not connected to anything else over any sort of network…even then it’s still possible to snoop on the machine using other methods.
Mac users perception that their machines are virus proof is at odds with reality, and is borne of the fact that Macs had such a small market share that they weren’t often targeted by hackers. But as Zovi’s work demonstrates–your Mac is vulnerable too. Lets hope Apple reacts swiftly to this with a patch.