Aug
Macs Can Be Hacked
I have always said that as soon as Macs or Linux becomes mainstream, they will be able to be hacked and people will start to write viruses for them. Here is a story about just that. The article says:
And my Microsoft, Windows-loving self didn’t say [hacking Macs is easy]. It was self-proclaimed Mac enthusiast and security researcher, Charles Miller, Ph.D., principal security analyst with Independent Security Evaluators. He talked about how easy it was to hack Leopard and iPhones, which share a common root OS.
Essentially, Dr. Miller said that Apple was falling down on the job and making its OS way too easy to hack. He said he found more than 50 OS X programs that run in the SUID (Set User ID) context, most of which had been made non-SUID by most Unix and Linux distros years ago. He said that OS X doesn’t randomize memory, the stack, heap, or kernel instruction pointers, which are simple antibuffer overflow mechanisms deployed in Windows, Linux, BSD, and many other OSes.
He continued by listing dozens of old programs and libraries patched in other OSes that Apple is still installing by default, or just getting around to patching. Dr. Miller showed the crowd two recent JavaScript exploits (one on OS X and the other for the iPhone) and shared all the great reasons why the Mac OS X is an easy platform to exploit. He also shared his techniques for hacking iPhones and discussed several other tools that made finding Apple exploits easier. He was absolutely giddy about some of the new changes Apple is making that will simplify the life of a hacker, er, researcher in the coming months.
Ultimately, Dr. Miller lamented Apple’s growing market share as matched against its current state of security design. A member of audience put it this way: “Apple is like this little ole, family-town sheriff who’s moved to inner-city D.C. and is attempting to spread the love. It won’t be pretty.”
Expect more stories such as this to emerge as more people move to alternate operating systems.
