
Vincenzo Iozzo  (Source: Black Hat DC)
Claims he can overwrite other programs’ code in memory without leaving a trace

Vincenzo Iozzo, a student security researcher at Politecnico di Milano University in Italy, unveiled a startling new attack against Mac OS X computers that allows hackers to inject malicious code into another program’s memory space – code that then vanishes as soon as the computer is switched off.

Speaking at the Black Hat DC cybersecurity conference in Washington, DC, Iozzo said his technique relies on injecting arbitrary code into a program’s executable memory while it is running, guided by the memory locations described in the actual program binary, which is stored in a file format called Mach-O. The injected code runs when the code it originally overwrote is called upon by its host.

Attacks of this kind are nothing new, however; what sets Iozzo’s memory injection attack apart is that it runs completely from RAM, leaving no trace on the host machine’s hard drive. Other techniques have generally required, at least minimally, some form of temporary storage.

The main weakness of his attack is that it relies on an unspecified means of executing arbitrary code on the computer in the first place: according to Iozzo’s presentation (PDF), an attacker must have knowledge of remote code execution “in his pocket” in order to convince his mark’s computer to run a bootstrapper that initiates the attack.

While it is unclear as to whether or not Iozzo’s technique allows hackers to tamper with code running at System-level privileges – Iozzo describes the attack as limited to “userland”, or regular desktop applications – it does allow an attacker to modify a program like Safari to do something malicious like monitoring passwords and keystrokes.

Iozzo’s technique most closely resembles Firewire-port memory injection attacks that previously felled Windows, Mac OS X, and Linux: both make use of some transient medium to arbitrarily inject code into the program section of a computer’s memory, which is normally heavily protected from attack. Once the malicious code is in, an attacker can make a computer do pretty much anything the OS would allow the original host program to do – all without setting off security software.
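Because the overwritten code lives only in RAM, one defensive check is to compare a program’s executable segments in memory against the same segments in its Mach-O file. The sketch below is an added example, not code from Iozzo’s presentation: it reads the segment load commands of a 64-bit Mach-O image and reports executable segments whose memory snapshot no longer matches the file. It assumes the snapshot is supplied by the caller as a mapping from segment name to bytes and that the segment is mapped unmodified from the file; `build_sample()` is a constructed test image, not a real binary.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF                    # 64-bit little-endian Mach-O magic
LC_SEGMENT_64 = 0x19
VM_PROT_EXECUTE = 0x4
HEADER = struct.Struct("<IiiIIIII")         # mach_header_64
SEGMENT = struct.Struct("<II16sQQQQiiII")   # segment_command_64

def parse_segments(image):
    """Return a dict for each LC_SEGMENT_64 load command in the image."""
    magic, _, _, _, ncmds, sizeofcmds, _, _ = HEADER.unpack_from(image, 0)
    end = HEADER.size + sizeofcmds
    if magic != MH_MAGIC_64 or end > len(image):
        raise ValueError("not a well-formed 64-bit Mach-O image")
    segments, off = [], HEADER.size
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load commands overrun sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64 and cmdsize >= SEGMENT.size:
            f = SEGMENT.unpack_from(image, off)
            segments.append({"name": f[2].rstrip(b"\0").decode("ascii", "replace"),
                             "vmaddr": f[3], "vmsize": f[4], "fileoff": f[5],
                             "filesize": f[6], "initprot": f[8]})
        off += cmdsize
    return segments

def tampered_segments(image, memory):
    """Names of executable segments whose snapshot differs from the file."""
    changed = []
    for seg in parse_segments(image):
        snap = memory.get(seg["name"])   # assumed: caller-supplied bytes per segment
        if snap is None or not seg["initprot"] & VM_PROT_EXECUTE:
            continue
        on_disk = image[seg["fileoff"]:seg["fileoff"] + seg["filesize"]]
        if on_disk != snap[:seg["filesize"]]:
            changed.append(seg["name"])
    return changed

def build_sample():
    """Constructed image: header, one r-x __TEXT segment, 24 filler bytes."""
    seg = SEGMENT.pack(LC_SEGMENT_64, SEGMENT.size, b"__TEXT", 0x100000000,
                       0x1000, 0, 128, 7, 5, 0, 0)
    hdr = HEADER.pack(MH_MAGIC_64, 0x01000007, 3, 2, 1, len(seg), 0, 0)
    return hdr + seg + b"\x90" * 24
```
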

Comments

By SavagePotato on 2/20/2009 9:58:16 AM , Rating: 5
It is getting more and more gratifying by the day as more and more OS X infections and exploits come about.

Reality usually sucks but seeing comeuppance for people that smugly walk about with their nose in the air touting how their mac is invulnerable to any infection, is just so very enjoyable.

Security through obscurity, its time is ending with each tick of Apple market share growth.

RE: Gratifying
By ltcommanderdata on 2/20/09, Rating: -1
RE: Gratifying
By PhoenixKnight on 2/20/2009 2:17:05 PM , Rating: 5
Apple doesn't exactly have a good record when it comes to fixing security flaws. Their usual course of action is usually to either completely ignore it or denounce it as being a slanderous lie.

RE: Gratifying
By gstrickler on 2/20/09, Rating: -1
RE: Gratifying
By Pirks on 2/21/2009 5:37:07 AM , Rating: 1
Ever heard of the Darwin project?
I bet SavagePotato would use his nine iron on Darwin's teeth if he could :)))

RE: Gratifying
By zaxxon on 2/20/2009 11:26:07 AM , Rating: 2
What's better than walking around with your nose high, pointing out that another OS finally 'has been hacked'....

RE: Gratifying
By Totally on 2/20/2009 6:38:45 PM , Rating: 3
...pointing out that another OS finally [become worthwhile to be] hacked'...


RE: Gratifying
By kelmon on 2/21/2009 11:37:08 AM , Rating: 2
Really? And which exploits should we be worried about today? Please direct me to one that will attack my computer today.

I find it very entertaining that we occasionally get comments from people saying that Apple's "[s]ecurity through obscurity" is ending. Is this like the "Year of the Linux Desktop" I keep reading about?

Seriously, if you find news like this "gratifying" then I can only suggest that you need to find yourself something more interesting to do. I don't care what type of computer you or anyone else uses, so why do you?

RE: Gratifying
By Pirks on 2/21/2009 1:09:10 PM , Rating: 2
"I don't care what type of computer you or anyone else uses, so why do you?"
Because he's a genetically bred mindless Apple-bashing troll. If you read SavagePotato's Apple-related posts here, you wouldn't even consider talking to him. Talking to a piece of wood would be more productive. Trust me on that, kelmon, I know this guy for a loong time ;-)
