The Mac Hacker Strikes Again (Charlie Miller has a habit of upending Apple's security claims.)
Posted on 04/10/2010 9:49:52 AM PDT by SmokingJoe
Charlie A. Miller loves his Macbook Pro laptop. And his four other Apple PCs, the iPhone he uses daily and two older iPhones he keeps for tinkering. But his relationship with the company that created those gadgets is somewhat more complicated.
In March, for instance, the 36-year-old security researcher publicized his discovery of 20 security vulnerabilities in Apple's software. Each would allow a cybercriminal to take over the computer of a user who's tricked into opening a certain PDF attachment or who simply visits an infected Web page using Apple's Safari browser.
That haul of bugs is a record even for Miller, who over the last four years has become perhaps the world's most prominent Mac hacker. It may also be definitive proof that Apple devices aren't safe "right out of the box," as the company has claimed for years. "When I first began saying that Macs were less secure than Windows, everyone thought I was an idiot," says Miller. "So I had to prove it again and again and again."
In 2007 Miller became the first to hack the iPhone, using a flaw in its Safari browser to remotely gain control of the not-so-smart phone. Six months later he hacked a Macbook Air in two minutes at a competition in Vancouver. Last summer he revealed a method that allowed him to virally hijack the iPhone using text messages spread via a user's contact list.
(Excerpt) Read more at forbes.com ...
Since PDFs are so popular, they are now one of the vectors of choice for viruses for any OS.
Aside from exploitable software bugs in the PDF reader, the reader is shipped with a preference option that allows auto execution of malicious embedded programs in PDF files. I don’t understand why this option isn’t disabled by default.
Here’s an article about this and a solution:
Also be sure to update to the latest rev (i.e., security bug fix), then turn off the above mentioned option.
Adobe reader link:
Yup, we have been using Macs for our business since 1982, and have never needed any security software.
I am not saying that Macs are invulnerable, understand... but with a modicum of intelligence in using them, they are not easy to mess with. Most of the successful hacks have depended on giving the would-be hackers access in ways no normal user would ever permit.
Nope - see my previous post. Solaris has defects. Sheesh - the very first internet worm propagated on guess what - Solaris! For that matter - there have been several root kits for Solaris over the years.
It isn’t a dominant (numbers wise) OS - so doesn’t get as much attention, nor does it get the publicity when it’s compromised.
So get off your Unix high horse!
I am on my 3rd MAC at the office in less than 5 years. Safari stinks, Entourage not better, NeoOffice is awful, iCal doesn’t talk with other MAC software. My database kept reporting damage and after rebuilding it 6 times in one day, guess what, I got a new MAC. .ODT does not open .doc or .docx files correctly or in the same format. I sat with the folks at the Apple store with a list of 30 problems and they could not tell me how to do what I used to do on my PC. They visited the office to see our setup but I think that was just “let’s see what you’re doing” and then nothing. I am currently working on another list of problems and I’m on number 24. Check this out. http://theflashblog.com/?p=1888
Apple Slaps Developers In The Face. Another problem. .pdf’s another problem. We had to load update 5 times. It takes me double and triple the time to do my work and it’s getting tiresome.
Very true, and thank you for confirming what all Macintosh users have known from other Mac users’ and their experiences — plus their own experience.
You’re right, there is no problem with viruses and malware from users of the Macintosh computers and Mac OS X.
“Apple Slaps Developers In The Face.”
Yep. A primary reason Microsoft has done so well is that they embraced developers, produced many tools and books and conferences for free and training, etc, etc, etc. Apple is nowhere to be found in the developer community.
The only computers I'll run without AV are computers totally under my control (in my office) that are behind a business NAT router with firewall and that are never used for Email or browsing the Web.
Yeah, but you see, that's exactly what I was talking about. I had said several times before that I wanted to run my computer on the Internet, with no anti-virus program, direct on the internet, doing all the web browsing and e-mail and downloading and whatever else that a person does with their computer -- and -- some Windows user with their computer (the same way), for a year, and then see whose computer gets hosed in the process of doing it that way. That was the "whole thing" with what I was asking people with Windows to do.
I had said that I wanted to run a Macintosh with Mac OS X (that's the system that we have now, and besides upgrades, it's been Mac OS X for about a decade or more) -- and then -- have someone else run Windows, for a year, using it exactly the same way that people normally use it.
And what I'm saying is that I haven't found any Windows users that will use their Windows system that way -- while the vast majority of Macintosh users do "exactly that" -- continuously, all the time, and never have any problems...
You see..., that's the point... :-)
[ ... I guess I still have no takers in the Windows world, for what Macintosh users do all the time with their computers ... :-) ... ]
The only reason that Windows exists is an open hardware platform, the ubiquitous MS Office, and stupidity among those that adopt the paradigm.
True... true ... :-)
That’s odd about visiting web sites. ’Cause I always thought that you had to verify before any program was placed on a Mac. My mistake. I still don’t have an anti-virus software, I back my drive weekly and I guess I’ve been lucky.