Many Mac owners live under the assumption that their computers will never be attacked. While that statement may hold some truth -- most fail to understand why. Rather than realizing that the relatively safety is afforded by Apple's still small market share, they believe that the security is somehow owing to an inherent security superiority in their operating system of choice, OS X, a sentiment echoed in Apple's sarcasm-laden "Get a Mac" commercials.
However, in reality Apple's security implementation, both on an OS and an application level is often lacking. It took Apple a year to patch a glaring hole in its OS X Java implementation. A major hole allowing SMS binary messages to execute code as root in the iPhone also went unpatched for over a month. Apple's OS X-toting iPhone's encryption scheme was declared laughably useless by a security expert and even Apple seems to acknowledge that its security may be lacking, warning that its iPhone can easily be hacked and used as a terrorist weapon.
Now leading Mac researcher Dino Dai Zovi has unveiled a new attack at the chic Black Hat security conference in Las Vegas. The new technique allows hackers to take control of OS X machines and steal data from them that is supposed to be encrypted.
All the technique needs is access to the memory. A few lines of code will give the attacker access to the root memory, which is then written to establish a TCP connection, allowing the hacker to download malicious files and control the computer remotely. Mr. Zovi demonstrated how the attack can be used to hijack Apple's Safari browser, stealing encrypted data from a user's bank accounts.
He states, "There is no magic fairy dust protecting Macs. Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun."
Security experts predict that the interest and the means are finally coming together that could make for the first serious malware attack on Mac computers. With hackers cooking up a new wave of Apple-catering malware many predict that the attacks will catch the community of millions of Mac users in the U.S. unaware. States Joel Yonts, another Mac security expert at the conference, "When the malware authors put out something that's really sophisticated we are going to have a whole population that is really vulnerable."
Apple has not released a comment about the flaw or announced any plans to patch it.