
Flaw could allow remote attacker to take over Mac systems

Security is a big concern for many computer users. The concern for security is bigger than simply the need to protect personal information online; users are also concerned about the security of files and data stored on their local computers.

Proof-of-concept code has been posted online for a vulnerability that can be exploited in some versions of the Mac OS X operating system. The vulnerability is in both versions 10.5 and 10.6 of the Mac OS and is a buffer overflow error that arises from the strtod function in the underlying Unix code used for the Mac OS.

The proof-of-concept code was posted by a security researcher at a security firm called SecurityReason. This is not the first report of the vulnerability, though: it was first announced by Maksymilian Arciemowicz last June.

The risk posed by the vulnerability is listed as high by SecurityReason. Other software affected by the same flaw included FreeBSD and NetBSD as well as Firefox and Google Chrome. Mozilla and Google have both already patched their software, but the flaw is still exploitable on Mac systems.

McAfee predicted at the end of 2009 that 2010 would see the number of attacks and exploits for third-party programs exceed the number of attacks and exploits aimed at Microsoft products. The two big targets in 2010 according to McAfee will be cross platform software from Adobe including Reader and Flash.

InformationWeek reports that Apple did not respond to a request for comment and that SecurityReason was not reachable for comment on the likelihood that the flaw could be exploited.

Comments

No way
By Abrahmm on 1/11/2010 1:37:21 PM , Rating: 5
Impossible. OS X has no flaws, only features. Now, we just have to wait 8 months for Apple to "change" this "feature".

RE: No way
By amanojaku on 1/11/2010 1:52:58 PM , Rating: 5
Maksymilian Arciemowicz, when quizzed about the exploit's design, said:

"It just works."

RE: No way
By jonmcc33 on 1/11/2010 4:02:17 PM , Rating: 5
6 please!

RE: No way
By BioRebel on 1/11/2010 5:12:02 PM , Rating: 1

RE: No way
By ImSpartacus on 1/11/2010 1:58:28 PM , Rating: 2
Yes, I for one cannot wait for Apple to release more features! What do you guys figure this new feature will cost us? I'm thinking a solid $50 /year would be reasonable for such a nice feature.

RE: No way
By mechBgon on 1/11/2010 9:50:19 PM , Rating: 3
"Yes, I for one cannot wait for Apple to release more features! What do you guys figure this new feature will cost us? I'm thinking a solid $50 /year would be reasonable for such a nice feature."

I, for one, demand that the feature be glossy white and have a trendy-sounding name.

RE: No way
By Mitch101 on 1/11/2010 2:01:19 PM , Rating: 3
There go the Hackintoshes.

Serious note: around me the Apple Revolution seems to have died down. I don't know anyone going to buy an Apple. Not picking at Apple and not flaming but no one is talking about it any more. Could very well be Apple hasn't released anything revolutionary in a while to spur the talk. As for Hackintosh there are a few talking about creating one but it seems since Windows 7 no one is talking about getting a Mac in my neck of the woods.

RE: No way
By Pirks on 1/11/2010 5:18:59 PM , Rating: 2
"There go the Hackintoshes"
Yeah, indeed, I agree there's no such pressing need to get a hackOS if you wanna Mac and don't have dough. OS X 10.6 runs great on VMWare 7 these days, I'm running one on my Vista desktop and boy it's the other side of the universe compared to virtualized 10.5. Where 10.5 took forever to boot up and react to a mouse click 10.6 in VM works way faster than Vista. Bye bye hackOSX :P I mean it's still ok for people to tinker with hardware and get deep in the system guts if they like it but hack movement became irrelevant for people who'd like to try out OS X since 10.6 and VMWare 7 came out a couple of months ago.

RE: No way
By LCS2009 on 1/12/2010 2:05:41 AM , Rating: 2
Hello.. Is there any way you could explain to me how you do that?? (install vmware and os x 10.6)

Because I want to have it in my windows 7 PC

RE: No way
By omnicronx on 1/11/2010 2:49:32 PM , Rating: 4
How isn't it a feature? I mean Windows has remote desktop assistant, isn't this kind of similar?

*sips Kool-Aid*

RE: No way
By DominionSeraph on 1/11/2010 5:00:29 PM , Rating: 3

It is only a feature if Apple allows threads regarding it on their forums. If all mention mysteriously disappears... "What feature?"

"These aren't the droids you're looking for."
- Steve Jobs (1977)

Apple must be at least somewhat secure....
By Smartless on 1/11/2010 2:04:43 PM , Rating: 5
All that complacency must tempt at least a few hackers even if the marketshare is 5%. I mean look at the facts,
1) Apple owners have to be well off to afford one.
2) Most Apple users have laptops they take to open wifi spots.
3) Most Apple users think only Windows machines get viruses.
4) Most Apple users are browsing the web or buying stuff online because hey who uses them for work.
5) Okay some graphic artists use it for work but probably use Adobe products (a much more tempting target).

By DominionSeraph on 1/11/2010 4:38:36 PM , Rating: 5
No, you have to figure that 90% of MacBook purchases are by college kids spending Mommy and Daddy's money for a trendy accessory. Hacking one would only net you gigabytes of laughably naive, "socially aware" alt-rock and reams of feminist manifestos.

A hacker would be better off sticking his finger down his throat and sifting through the contents thereof. It'd be less painful, with a greater chance of profit. (You at least know the contents were good when they went in.)

By afkrotch on 1/11/2010 7:09:08 PM , Rating: 2
I love Apple fans on MMOs. Always a "Mac is the best!" Usually after that, I ask how they are playing the game, since it's not coded for OSX.

Then all the PC gamers spam at them, cause they spent all that money for a crap Mac, only to load Windows on it to play games. Apparently it's not the best.

RE: Apple must be at least somewhat secure....
By chemist1 on 1/12/10, Rating: 0

By DominionSeraph on 1/12/2010 8:58:31 AM , Rating: 2
And just what in your post couldn't be accomplished by a Hackintosh?

Mac OS != Macintosh. You really shouldn't have missed something so basic.

RE: Apple must be at least somewhat secure....
By Veerappan on 1/12/2010 3:20:36 PM , Rating: 2
How about the part where many of the government grants/contracts that some institutions are part of require a supported mission-critical-level operating system in order for the contract to be paid?

The scientific institution that I work at legally can't use something like a Hackintosh (even if there weren't questions about the legality of that setup). We can't use most Linux distros either, unless they have paid support, and also have passed many qualification tests first.

It's why I'm still running Solaris on my work machine (until a possible CentOS upgrade later this/next year).

By DominionSeraph on 1/12/2010 6:41:30 PM , Rating: 3
My mention of "Hackintosh" was to disprove the assumption that Mac OS was unique to Macintoshes, which was intrinsic to his argument. Your external requirements are irrelevant.

If, for legal reasons, you had to use MS-DOS 3.1 on a Tandy 1000EX, you would be. What does that say about the merits of MS-DOS 3.1 as an OS or the Tandy 1000EX as a computer? Nothing.

Come on people, this is a simple analytical operation. Run sufficient iterations before you commit to an inference. If you're unsure, run your test inference past an eight-year-old. That'll catch most of these errors y'all are making.
Just throwing up on the keyboard with the expectation that someone else will clean up your mess is rude.

By DominionSeraph on 1/12/2010 7:25:19 PM , Rating: 2
"It's rude to just throw up on the keyboard and expect someone else to clean up the mess."

This form's better. It was initially rejected because it loads up the scratchpad, but I doubt any of you were putting that to heavy use. Or even have it partitioned for such.

Adobe Reader?
By kmmatney on 1/11/2010 3:19:11 PM , Rating: 4
"The two big targets in 2010 according to McAfee will be cross platform software from Adobe including Reader and Flash."

It really speaks to the bloatware from Adobe that simple "reader" software can be exploited like this. I have noticed that the latest Adobe reader has a smaller download and is faster to load than the previous versions, so they are improving things. I still use Foxit, though.

RE: Adobe Reader?
By kmmatney on 1/11/2010 3:32:03 PM , Rating: 2
On a similar note, I just tried to download the latest version of Adobe Reader to try it out, and the download page causes my Internet Explorer tab to crash out. This is repeatable. Now some weirdness - when I attempt to download from Internet Explorer, the download size is 37.86 MB (without Google toolbar add-on). However if I use Google Chrome to download Adobe reader, the download size is 26.1 MB. WTF? I'm running Windows XP SP3. Why a different download size for Adobe reader, depending on which browser I use to download it?

RE: Adobe Reader?
By afkrotch on 1/11/2010 7:11:55 PM , Rating: 2
Adobe reader integrates itself in with the browser. I'm guessing, since it doesn't detect you using IE, it just uses the lower sized download.

RE: Adobe Reader?
By Mr Perfect on 1/12/2010 1:13:59 PM , Rating: 2
It depends on how you download it.

When you get to Adobe's Reader download page, it will automatically try to install Adobe Download Manager, which freaks out some anti-virus software. Assuming yours doesn't, and you install ADLM, it then installs Adobe Air,, and Adobe Reader. A grand total of four Adobe programs!

If, on the other hand, you do not allow ADLM to install, and click the link named "If it does not start, click here to download." you get a setup file that installs only Reader. Better yet, this file is an offline install, so it's great for admins or anyone else with a number of PCs to update.

I like not having all the extra junk. :)

+1 to the picture
By Drag0nFire on 1/11/2010 2:23:45 PM , Rating: 2

RE: +1 to the picture
By AstroCreep on 1/11/2010 3:34:21 PM , Rating: 2
The one where Steve Jobs looks like he's trying to squeeze out a fart? If so, where have you been? They LOVE using that image on this site! Even more than the one of Steve Ballmer's fat, sweaty face where he's sticking his tongue out at the camera.

Who cares?
By Iaiken on 1/11/2010 2:00:38 PM , Rating: 1
Even if this vulnerability allowed them to take over 100% of Macs. You would still be better off with code that took over 10% of Windows machines.

To quote Charlie Miller (a highly productive white hat hacker):
"It's not worth [them] nearly doubling [their] work just to get that last 10%."

RE: Who cares?
By afkrotch on 1/11/2010 7:14:32 PM , Rating: 2
Ya, but that 10% has a complex about their OS being the best and that it has no vulnerabilities and that it "just works." So more than likely, when you hit the 10%, you hit them for life.

By miggyb on 1/11/2010 2:42:32 PM , Rating: 3
If FreeBSD and NetBSD are affected, I sure as hell would expect OS X to have it. The question is have they fixed it in those two OSs? Because ISPs and Banks generally don't use OS X for their servers

Don't you have some real news?
By blue7 on 1/11/2010 9:34:38 PM , Rating: 3
Not even certain it's a "vulnerability" in OS X. The example PoC code is apparently non-working on OS X, as some people are reporting that the POC, when run on OS X.6.2, returns:

Program received signal EXC_BAD_ACCESS, Could not access memory.
which would be consistent with the non-execute nature of the memory locations of the data stacks and heaps . . . perhaps it's a total non-issue.
If it can't do any damage, IS it a vulnerability? If it can't work, can it be a vulnerability? Look at the actual wording of the article:

"The vulnerability is in both versions 10.5 and 10.6 of the Mac OS and is a buffer overflow error that arises from the strtod function in the underlying Unix code used for the Mac OS."

"Potential" is a HUGE word in this context... and with Apple using non-execute memory locations for the data that is at risk for this overflow, it seems to eliminate this potential risk. It also seems to me from reading the description of the PoC, that they are assuming that is a threat to OS X because it is in the underlying UNIX code.

More fear mongering reporting, plus are you so hard up that you have to rehash news from June last year???

One step closer
By themaster08 on 1/12/2010 5:31:05 AM , Rating: 2
Hopefully, this is another step closer to a cure for those poor sufferers of the Apple disease.

By sapiens74 on 1/11/2010 3:59:30 PM , Rating: 1
With the exception of Turning Windows on, browsing the Internet, downloading files, installing games with root kits, they are about the same!

"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller
Copyright 2016 DailyTech LLC.