Posted on 03/10/2011 1:46:37 PM PST by BobSimons
Apple's OS X is First OS to be Hacked at This Year's Pwn2Own
Charlie Miller lets someone else win a MacBook for a change
The conception that Apple, Inc. computers running OS X are magically more secure than Windows computers was dealt another setback this week. Using a flaw in Apple's pre-installed first-party Safari browser, it took French security pro Chaouki Bekrar merely 5 seconds to hijack the unwitting MacBook at the CanSecWest Conference's pwn2own contest in Vancouver, British Columbia.
On a most basic level the attack exploited Apple's weak memory protections in OS X Snow Leopard. Microsoft, more popular and more commonly attacked, includes two critical types of memory protection -- data execution prevention and robust address space layout optimization (ASLR) -- both of which attempt to prevent memory injection attacks. By contrast, Snow Leopard only supports ASLR and the implementation is badly botched according to hackers.
The attack also exploited poor coding in Apple's branch of WebKit, which features many bugs and security flaws. While Apple's WebKit branch, which powers its Safari browser, shares a certain amount of code with Google's WebKit browser Chrome, Google has added much more robust security layers and is less buggy.
So if Apple computers are less secure than Windows machines, why are Windows machines attacked so much more frequently? Generally, the answer boils down to the fact that there are far fewer Macs and that hackers often have misgivings about mass attacks on Unix-like operating systems (Linux, OS X), as they view it as "attacking their own." Ultimately these two factors combine into a greater barrier -- lack of information.
(Excerpt) Read more at dailytech.com ...
That's certainly true.
But the fact remains, Apple apparently still fails to utilize a basic protective capability built into the processors on which it runs by diligent Intel engineers: data execution prevention. DEP keeps many of those undiscovered flaws from having consequences beyond crashing the application you are using at the time.
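The article and the comment above both turn on whether a binary is built to take advantage of the processor's and loader's memory protections: a position-independent executable is what ASLR can actually randomize, and a stack that is not marked executable is what DEP/NX actually covers. The following check is an added example written for this page, not code from DailyTech or from any of the posters; it parses the header of a 64-bit ELF or 64-bit Mach-O image and reports both properties, using the documented constants (ET_DYN, PT_GNU_STACK, MH_PIE, MH_ALLOW_STACK_EXECUTION). The sample images are constructed headers, not real programs.

```python
"""Report whether a binary opts into the two protections discussed above:
position independence (so ASLR can relocate it) and a non-executable stack
(so DEP/NX applies). Handles 64-bit ELF and 64-bit Mach-O headers.
Constructed sample headers are built inline so the check runs offline."""
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3               # ET_DYN executables are PIE and get randomized
PT_GNU_STACK = 0x6474E551            # program header carrying the stack permissions
PF_X, PF_W, PF_R = 1, 2, 4

MH_MAGIC_64 = 0xFEEDFACF
MH_PIE = 0x200000                    # mach-o/loader.h: randomize this executable's base
MH_ALLOW_STACK_EXECUTION = 0x20000   # mach-o/loader.h: executable stack requested


def check_elf64(data: bytes) -> dict:
    """Parse the ELF64 header and walk the program headers for PT_GNU_STACK."""
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    stack_flags = None
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
    # Edge case: no PT_GNU_STACK entry at all makes the loader fall back to an
    # executable stack, so the binary is NOT protected even though nothing
    # explicitly asked for execution rights.
    nx_stack = stack_flags is not None and not (stack_flags & PF_X)
    return {"format": "ELF64", "pie": e_type == ET_DYN, "nx_stack": nx_stack}


def check_macho64(data: bytes) -> dict:
    """Read the 64-bit Mach-O header flags field (byte offset 24)."""
    flags = struct.unpack_from("<I", data, 24)[0]
    return {
        "format": "Mach-O64",
        "pie": bool(flags & MH_PIE),
        "nx_stack": not (flags & MH_ALLOW_STACK_EXECUTION),
    }


def check_binary(data: bytes) -> dict:
    """Dispatch on the magic number; reject anything that is not ELF64 or Mach-O 64."""
    if data[:4] == ELF_MAGIC and len(data) > 4 and data[4] == 2:   # EI_CLASS == ELFCLASS64
        return check_elf64(data)
    if len(data) >= 32 and struct.unpack_from("<I", data, 0)[0] == MH_MAGIC_64:
        return check_macho64(data)
    raise ValueError("not a 64-bit ELF or Mach-O image")


# ---- constructed sample images (headers only; not real binaries) ----

def make_elf64(e_type: int, stack_flags=None) -> bytes:
    """Minimal ELF64 header plus an optional PT_GNU_STACK program header."""
    phdr = b""
    if stack_flags is not None:
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)
    phnum = 1 if phdr else 0
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)   # 64-bit, little-endian, version 1
    hdr = struct.pack("<HHIQQQIHHHHHH",
                      e_type, 0x3E, 1, 0, 64 if phnum else 0, 0, 0,
                      64, 56, phnum, 64, 0, 0)
    return ident + hdr + phdr


def make_macho64(flags: int) -> bytes:
    """Minimal 64-bit Mach-O header for an x86_64 MH_EXECUTE image."""
    return struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 0, 0, flags, 0)


SAMPLES = {
    "elf_hardened":  make_elf64(ET_DYN, PF_R | PF_W),          # PIE + NX stack
    "elf_execstack": make_elf64(ET_DYN, PF_R | PF_W | PF_X),   # PIE but stack executable
    "elf_legacy":    make_elf64(ET_EXEC),                      # fixed base, no GNU_STACK entry
    "macho_pie":     make_macho64(MH_PIE),
    "macho_nopie":   make_macho64(0),
}


def audit_samples() -> dict:
    """Run the check over every constructed sample and return {name: result}."""
    return {name: check_binary(img) for name, img in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in audit_samples().items():
        print(f"{name:14s} {result}")
```

The point the check makes is that DEP and ASLR are opt-in at the binary level: a fixed-base executable without a PT_GNU_STACK entry gets neither protection even on a kernel that supports both, which is why auditing the build output matters as much as auditing the OS.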
Spreading false information around, pure bs. Without root authority any hacked executable will not have the authority to do any damage. You think you understand Unix but clearly you don't. The Unix OS will control the maliciousness, contain it. It was DESIGNED that way.
unprotected /dev/sda physical device.
What? How is that going to affect anything but that device? /dev is owned by root.
You will do little or no damage to the OS without root privileges.
Never said it wasn't Apple's fault. That is you, projecting on me. I said (please read this slowly, out loud if you have to)
The title is misleading. The Mac was NOT cracked from scratch in 5 seconds. A team of 3 engineers worked 2 weeks to reverse-engineer the Webkit. Then they wrote custom software to export various stages the Webkit engine went through, to find an exploit. Then they developed an application, using this (non-exported and typically not available data) exploit to break the flaw.
The title implies that a hacker cracked the Mac in 5 seconds - no mention of the 2 weeks a small team of engineers spent in preparation. The fact is, that the Mac took over 2 weeks to crack.
Bottom line, yes - there is a security flaw in the Mac OS. And I believe that Apple already has a patch released to fix this. This was a nice job by the team - but goes to show you what lengths they had to go to, in order to find this flaw.
Not a problem. I've broken root on an HP workstation in under 5 minutes. There's always another hole. In the case of the HP workstation, the sysadmin had gone on vacation for 3 weeks and left nobody with the root password. I exploited a setuid program that made a "system()" call to manufacture a copy of /bin/sh that was setuid to root. I changed the root passwd, handed that to the designated admin and removed the "hack" tool.
unprotected /dev/sda physical device
What? How is that going to affect anything but that device? /dev is owned by root.
If /dev/sda is inadvertently left writable then a hacker can directly modify the physical disk sectors of the disk. He can inspect the raw inode table to locate and then change the sectors containing /vmlinuz (or any other logical file) and modify said file with impunity, completely bypassing the security model of the file system.
Basically the 'root' security model is like a balloon. The tiniest pin-prick and it pops. The root model is Class D (with ACLs it might be a low C1).
Real security begins with a honeycombed compartmental model - basically sandboxes - so a screwup in one cell doesn't compromise the whole system. For example Internet Explorer runs in the 'Low' sandbox. For even stronger security you impose mandatory identification labels on principals and objects and use a formal methodology. On that score Vista/Win7 is roughly class B1 and is nearly B2. (Class A1 requires a mathematically verified formal design such as the Type Enforcement model.)
I'm formerly the Principal Computer Scientist at Secure Computing Corporation (SCC) where I worked on classified DoD contracts and helped design a more-or-less Class A1 OS (Sidewinder), and later co-designed the first firewall for Microsoft Windows. So I do know a little something about computer security.
The only 'bs' being flung around is coming from you.
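The /dev/sda argument above is a concrete instance of the "pin-prick" point: a device node with the wrong mode bits lets an unprivileged process read or rewrite raw sectors, and the filesystem's permission checks never run. The audit below is an added example written for this page, not code from any poster; it classifies device nodes by mode and owner, treats the handful of character devices that are world-writable by design as acceptable, and can be pointed at a live /dev tree. The sample entries are constructed and do not describe any real host.

```python
"""Audit device nodes for permissions that let an unprivileged user read or
write raw hardware, bypassing the filesystem's access checks. classify() and
audit() run over constructed sample entries; scan_dev() applies the same
rules to a real /dev tree."""
import os
import stat
from typing import Optional

# Character devices that are world-writable by design on typical Unix systems.
WORLD_WRITABLE_BY_DESIGN = {
    "/dev/null", "/dev/zero", "/dev/full", "/dev/tty", "/dev/ptmx",
    "/dev/random", "/dev/urandom",
}


def classify(path: str, mode: int, uid: int) -> Optional[str]:
    """Return a finding for a block/char device node, or None for other file types."""
    if not (stat.S_ISBLK(mode) or stat.S_ISCHR(mode)):
        return None
    if mode & stat.S_IWOTH and path not in WORLD_WRITABLE_BY_DESIGN:
        return "CRITICAL: world-writable device (raw sectors modifiable by any user)"
    if stat.S_ISBLK(mode) and mode & stat.S_IROTH:
        return "HIGH: world-readable block device (raw disk contents readable by any user)"
    if uid != 0:
        return "HIGH: device node not owned by root"
    return "OK"


# Constructed sample: (path, st_mode, st_uid). Not taken from any real host.
SAMPLE_NODES = [
    ("/dev/sda",   stat.S_IFBLK | 0o660, 0),     # root:disk default
    ("/dev/sdb",   stat.S_IFBLK | 0o666, 0),     # misconfigured: anyone can rewrite sectors
    ("/dev/sdc",   stat.S_IFBLK | 0o664, 0),     # anyone can read the raw disk
    ("/dev/null",  stat.S_IFCHR | 0o666, 0),     # fine: world-writable by design
    ("/dev/ttyS0", stat.S_IFCHR | 0o660, 1000),  # owned by an ordinary user
    ("/dev/log",   stat.S_IFSOCK | 0o666, 0),    # a socket, not a device node; ignored
]


def audit(entries) -> dict:
    """Return {path: finding} for every device node that is not 'OK'."""
    findings = {}
    for path, mode, uid in entries:
        verdict = classify(path, mode, uid)
        if verdict is not None and verdict != "OK":
            findings[path] = verdict
    return findings


def scan_dev(root: str = "/dev") -> dict:
    """Apply the classifier to a live device tree; symlinks are not followed."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.lstat(p)
            except OSError:
                continue            # node vanished or is unreadable; skip it
            entries.append((p, st.st_mode, st.st_uid))
    return audit(entries)


if __name__ == "__main__":
    for path, finding in audit(SAMPLE_NODES).items():
        print(f"{path:12s} {finding}")
```

Run against a real system this is a useful periodic check alongside monitoring of udev rules and of changes under /dev, since a single world-writable block device undoes every permission bit on the filesystems it backs.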
I missed this year's competition. But I guess this makes 4 years in a row OSX was the first hacked!
Too funny!