Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Mac OS X research warns of stealthier attacks


Mac OS X research warns of stealthier attacks
Dan Goodin, The Register 2009-01-22

A computer security researcher has discovered a new way to inject hostile code directly into the memory of machines running Apple’s OS X operating system, a technique that makes it significantly harder for investigators to detect Mac attacks using today’s forensics practices.

The technique, which Italian researcher Vincenzo Iozzo plans to detail at the Black Hat security conference in Washington next month, makes it possible to carry out stealthy Mac attacks that until now have not been possible. The in-memory injection approach allows unauthorized software to be installed on a Mac without leaving traces of the attack code or other tell-tale signs that the machine has been compromised.


It just goes to show that even in a well-designed system where the memory is randomized, there still is one memory spot that “needed” to be static. It was that static bit that brought down the security of that system’s design intent. I would also add, for all those Mac heads out there who think Mac OS X is invincible: think again…


Written by Krypt3ia

2009/01/27 at 02:36

Posted in Hacking, Infosec

One Response


  1. Hi Dan,

    While I use a Mac for personal use, I don’t spend a lot of time on Mac security issues. The iPhone (with Mac OS X) and the increased market share of Mac computers will change that.

    Anyway, there’s an awfully big difference between Leopard and Tiger, the last two Mac OS X major releases. Leopard included some memory randomization and other protections. Snow Leopard, btw, is rumored to add and enhance significantly (we’ll see). So, I’m curious if the researcher is talking Tiger or Leopard too.

    Cheers,

    Eirik

    Eirik Iverson

    2009/01/29 at 14:30

