A computer security researcher has discovered a new way to inject hostile code directly into the memory of machines running Apple's OS X operating system, a technique that makes it significantly harder for investigators to detect Mac attacks using today's forensics practices. The technique, which Italian researcher Vincenzo …
Before the tedious platform war begins...
> "It's so easy to use," Miller said.
I guess it "just works"
Will be fixed by the time it's revealed
Simply by randomizing the load location of 'dyld' at boot time. If Iozzo is a responsible person, and not some headline-grabbing hack, he has reported this to Apple and they have been working on a fix that will precede or arrive simultaneously with his announcement. This is not the exploit you are looking for.
Of course, the obvious solution is to randomize the location of the dynamic linker as well.
Just to prove I was listening... Isn't random memory location of the dynamic linker one of the new security features believed to be in Snow Leopard - in which case this vulnerability goes away again :-)
Interesting - you can encrypt your VM in Mac OS X, so this means that if you use that particular security measure to protect your data from snooping, forensics will have no chance of detecting this exploit at all.
@ 2nd poster in the thread - Apple has known about the limitations of its memory randomisation since Leopard was first released and no, they won't fix it soon in 10.5.x or before the hack is revealed, but they are fixing it for 10.6
RE: Dynamic linker
So your "fix" is to shell out hard earned cash and buy a newer release of the operating system???? I'm sorry, but I would've said that's worthy of M$, but even they patch older OS's! Apple better fix this retroactively...
"It's only a matter of time".
People have been saying that for 8 years now. Still nothing's happened.
So, the Mac I use daily is not invulnerable to attack. That's not really news, is it? Apple were late to introduce address space randomisation, so it's no surprise that it isn't perfect yet. But like Microsoft, we should probably applaud them at least for acknowledging the problem (well, as much as Apple ever do, in that we can guess they've acknowledged it long after the fact from their subsequent actions) and beginning to tackle it?
This is not exactly about 'vulnerability' as it is commonly understood, and therefore, YES I would say this is news, and NO I would not say Apple has to fix it right away, unless doing so requires only a regular fix, which, in all my ignorance, I doubt.
only a matter of time
And if it's so easy, this kind of attack happens all the time on Linux then, does it?
Conficker and Kido say...
Yet another theoretical threat to OS X scraped from the bottom of a hypothetical barrel in response to a real world, live as we speak Windows virus attack.
Every time we get an attack on Windows some security researcher finds a vuln in OS X.
Coincidence? Couldn't possibly be. They wouldn't dare be that predictable. Ain't that right kids?
Not too much of a threat...
So, let's get this clear:
a- If there is currently a vulnerability in an application, and
b- if your system is unpatched, and
c- if you executed a program with a malicious payload, and
d- if this malicious payload took advantage of the new stealth technique
THEN you'll get infected, and it will be very hard to trace it using common forensic techniques.
That's a tall order right there. The current situation is at "c", and malicious programs and infections are not that common. The new factor of stealth will not necessarily influence the availability of malicious attacks, only their detection.
You still need that proverbial virus that we've been promised.
"The injection method doesn't make it any easier to pierce a Mac's defenses"
Just use one of the many numerous and unpatched vulns in iTunes or Safari.
The only reason Mac virii are rare is the same as Linux virii - nobody can be bothered when there are more Windows users.