Before the tedious platform war begins...
> "It's so easy to use," Miller said.
I guess it "just works"
A computer security researcher has discovered a new way to inject hostile code directly into the memory of machines running Apple's OS X operating system, a technique that makes it significantly harder for investigators to detect Mac attacks using today's forensics practices. The technique, which Italian researcher Vincenzo …
Simply by randomizing the load location of 'dyld' at boot time. If Iozzo is a responsible person -and not some headline-grabbing hack- he has reported this to Apple and they have been working on a fix that will precede or arrive simultaneously with his announcement. This is not the exploit you are looking for.
Interesting - you can encrypt your VM in Mac OS X, so this means that if you use that particular security measure to protect your data from snooping, forensics will have no chance of detecting this exploit at all.
@ 2nd poster in the thread - Apple has known about the limitations of its memory randomisation since Leopard was first released and no, they won't fix it soon in 10.5.x or before the hack is revealed, but they are fixing it for 10.6
So, the Mac I use daily is not invulnerable to attack. That's not really news, is it? Apple were late to introduce address space randomisation, so it's no surprise that it isn't perfect yet. But like Microsoft, we should probably applaud them at least for acknowledging the problem (well, as much as Apple ever do, in that we can guess they've acknowledged it long after the fact from their subsequent actions) and beginning to tackle it?
Yet another theoretical threat to OS X scraped from the bottom of a hypothetical barrel in response to a real world, live as we speak Windows virus attack.
Every time we get an attack on Windows some security researcher finds a vuln in OS X.
Coincidence? Couldn't possibly be. They wouldn't dare be that predictable. Ain't that right kids?
So, let's get this clear:
a- If there is currently a vulnerability in an application, and
b- if your system is unpatched, and
c- if you executed a program with a malicious payload, and
d- if this malicious payload took advantage of the new stealth technique
THEN you'll get infected, and it will be very hard to trace it using common forensic techniques.
That's a tall order right there. The current situation is at "c", and malicious programs and infections are not that common. The new factor of stealth will not necessarily influence the availability of malicious attacks, only their detection.
You still need that proverbial virus that we've been promised.
-dZ.