Feeds

back to article New OS X research warns of stealthier Mac attacks

A computer security researcher has discovered a new way to inject hostile code directly into the memory of machines running Apple's OS X operating system, a technique that makes it significantly harder for investigators to detect Mac attacks using today's forensics practices. The technique, which Italian researcher Vincenzo …

COMMENTS

This topic is closed for new posts.
Coat

Before the tedious platform war begins...

> "It's so easy to use," Miller said.

I guess it "just works"

0
0
Jobs Halo

Will be fixed by the time it's revealed

Simply by randomizing the load location of 'dyld' at boottime. If Iozzo is a responsible person -and not some headline-grabbing hack- he has reported this to Apple and they have been working on a fix that will precede or arrive simultaneously with his announcement. This is not the exploit you are looking for.

0
0

Clever

Of course, the obvious solution is to randomize the location of the dynamic linker as well.

0
0

Dynamic linker

Just to prove I was listening..... Isn't random memory location of the dynamic linker one of the new security features believed to be in Snow Leopard - in which case this vulnerability goes away again :-)

0
0
Anonymous Coward

Encrypted VM

Interesting - you can encrypt your VM in Mac OS X, so this means that if you use that particular security measure to protect your data from snooping, forensics will have no chance of detecting this exploit at all.

@ 2nd poster in the thread - Apple has known about the limitations of its memory randomisation since Leopard was first released and no, they won't fix it soon in 10.5.x or before the hack is revealed, but they are fixing it for 10.6

0
0
Thumb Down

RE: Dynamic linker

So your "fix" is to shell out hard earned cash and buy a newer release of the operating system???? I'm sorry, but I would've said that's worthy of M$, but even they patch older OS's! Apple better fix this retroactively...

0
0

Yawn

"It's only a matter of time".

People have been saying that for 8 years now. Still nothing's happened.

0
0
Silver badge

Surprised, anyone?

So, the Mac I use daily is not invulnerable to attack. That's not really news, is it? Apple were late to introduce address space randomisation, so it's no surprise that it isn't perfect yet. But like Microsoft, we should probably applaud them at least for acknowledging the problem (well, as much as Apple ever do, in that we can guess they've acknowledged it long after the fact from their subsequent actions) and beginning to tackle it?

0
0
Thumb Up

Vulnerability?

This is not exactly about 'vulnerability' as it is commonly understood, and therefore,

YES I would say this is news, and NO I would not say apple has to fix it right away,

unless doing so requires only a regular fix, which, in all my ignorance, I doubt.

0
0
jai
Silver badge

only a matter of time

and if its so easy, this kind of attack happens all the time on linux then, does it?

0
0
Dead Vulture

Conficker and Kido say...

Yet another theoretical threat to OS X scraped from the bottom of a hypothetical barrel in response to a real world, live as we speak Windows virus attack.

Every time we get an attack on Windows some security researcher finds a vuln in OS X.

Coincidence? Couldn't possibly be. They wouldn't dare be that predictable. Ain't that right kids?

0
0

Not too much of a threat...

So, let's get this clear:

a- If there is currently a vulnerability in an application, and

b- if your system is unpatched, and

c- if you executed a program with a malicious payload, and

d- if this malicious payload took advantage of the new stealth technique

THEN you'll get infected, and it will very hard to trace it using common forensic techniques.

That's a tall order right there. The current situation is at "c", and malicious programs and infections are not that common. The new factor of stealth will not necessarily influence the availability of malicious attacks, only their detection.

You still need that proverbial virus that we've been promised.

-dZ.

0
0
Jobs Horns

"The injection method doesn't make it any easier to pierce a Mac's defenses"

Just use one of the many numerous and unpatched vulns in itunes or safari.

the only reason mac virii are rare is the same as Linux virii - nobody can be bothered when there are more Windows users.

0
0
This topic is closed for new posts.