Posted on 03/10/2011 1:46:37 PM PST by BobSimons
Apple's OS X is First OS to be Hacked at This Year's Pwn2Own
Charlie Miller lets someone else win a MacBook for a change
The conception that Apple, Inc. computers running OS X are magically more secure than Windows computers was dealt another setback this week. Using a flaw in Apple's pre-installed first-party Safari browser, it took French security pro Chaouki Bekrar merely 5 seconds to hijack the unwitting MacBook at the CanSecWest Conference's pwn2own contest in Vancouver, British Columbia.
On a most basic level the attack exploited Apple's weak memory protections in OS X Snow Leopard. Microsoft, more popular and more commonly attacked, includes two critical types of memory protection -- data execution prevention and robust address space layout optimization (ASLR) -- both of which attempt to prevent memory injection attacks. By contrast, Snow Leopard only supports ASLR and the implementation is badly botched according to hackers.
The attack also exploited poor coding in Apple's branch of WebKit, which features many bugs and security flaws. While Apple's WebKit branch, which powers its Safari browser, shares a certain amount of code with Google's WebKit browser Chrome, Google has added much more robust security layers and is less buggy.
So if Apple computers are less secure than Windows machines, why are Windows machines attacked so much more frequently? Generally, the answer boils down to the fact that there are far fewer Macs and that hackers often have misgivings about mass attacks on Unix-like operating systems (Linux, OS X), as they view it as "attacking their own." Ultimately these two factors combine into a greater barrier -- lack of information.
(Excerpt) Read more at dailytech.com ...
This contest seems to be a bit of a fraud. Any knowledgeable person is keenly aware that the “5 seconds” was just the implementation of an attack that likely took a great deal of time and effort to engineer.
This is proof of nothing.
I believe everyone on this thread.
They are all so smart!
The root password is irrelevant if you can just overflow a buffer (or even worse, the runtime stack) and execute malicious code. OSX’s problem is its lack of memory protection, which is fairly common among *nix systems.
Apple gets Pwned and abused every year at this competition.
And in the wild?
I know, I know. Apple is the worst at responding to security risks. Some potential exploits have knowingly been left open for months. Apple will have to learn to be more responsive to such shortcomings. Until then, they have to live with live exploits growing exponentially for a while. From 0.0001% to 0.001% even.
Of course they did. No huge body of code is free of flaws. So what? The sky is blue, is that also a revelation?
Your awe at the simplest things makes me wonder if you're new to this topic....
Except that tech-writers are whores who will do anything to get a headline with "Apple" or "Mac" in it.
I love to see the texturbation between fanbois and anti-fanbois alike in these threads. It reminds me why politics sucks, and that the world we live in is 99% opinion, and 1% fact.
Or? The point of overflowing the buffer IS to get your executable code onto the stack at the right spot.
Can this so-called hack be used without “user permission”?
You know, do I have to type in my password for it to work? To the best of my knowledge, all of the previous hacks required the user to type in his/her password after downloading something from an unknown site.
Most of us Mac users do not go to those sites, and you know what I mean, I think.
Uh, Bob....
I am a little old lady, happily married for 45 years to the same man, and neither of us are into anything vaguely interesting in the sexual side of things.
Neither of us are particularly vocal either. We just ran our little business successfully for over 40 years on Macs, managing many millions of other people’s money, and never had a down day, computer-wise.
We never needed tech support, never had a crash, never needed overly expensive software, or tech handholding to keep us up and running, no matter what time a client wanted info.
We never could have done this with PCs. We watched many of our fellow small business owners struggle with all the above issues.
That said, PCs are great for the corporate types, who have the big budgets for IT staff, and software techies running around to all the offices.
If this is irritating to you, then I suggest you reconsider the percentage of jobs created by small business owners in our economy. I know we helped lots of people find work in our rather impoverished area.
It is not clear from the article if he got root or not.
But once in with a user shell, he should be able to launch a privilege escalation attack.
I'm a Mac user and I wish I understood what you just wrote...... it sounds really interesting..... I have no clue what it means.
Not true. Tom Duff regaled us with his first UNIX virus at a USENIX breakout session in 1988. The basic infection technique is to read the executable header, identify the starting address for the code segment, save it, add your own code to the end of the code segment, patch the start address to run your "virus" code, then patch a section of your "virus" code to run the original entry point. Your "virus" can then scan all the executables in the current directory and PATH and infect all that you can successfully write. The technique works and spreads like wildfire in an environment with NFS-mounted filesystems to "share" the garbage.
No. Linux/UNIX can be hacked just like any other OS.
A hacker can modify an unprotected executable file, or a kernel load module, or even the disk sectors of an unprotected /dev/sda physical device. It takes only one mistake in securing a single file to blow up Linux completely.
For all the complaints about compatibility in Windows Vista/Win7, it does have extra security against those kinds of errors. x64 device drivers must be digitally signed with a Class 3 VeriSign Authenticode Certificate to load. Mandatory Integrity levels are enforced everywhere: all code runs in separate sandboxes based on the security level (Low, Medium, High, System). This is similar to TCB Orange Book used by the military for mandatory security levels (Unclassified, Secret, Top Secret, etc). Files in the TCB are owned by TrustedInstaller and cannot be modified even by super-users (Administrators).
Linux/UNIX has a ways to go to catch up to Win7 in terms of security.
Um, what happened to the entry between Linux and Symbian? Are you using MSIE or something?