Results 1 to 7 of 7
  1. #1
    Major Mac Computer Security Flaw Found
    bobross's Avatar
    Member Since
    Aug 28, 2009
    Location
    Summerville, SC
    Posts
    47
    Specs:
    MacBook Intel 2.4, 10.6.1, XP Partition | 1st Gen Time Capsule | 5th Gen 30GB iPod
    Major Mac Computer Security Flaw Found
    Very interesting -

    leading Mac researcher Dino Dai Zovi has unveiled a new attack at the chic Black Hat security conference in Las Vegas. The new technique allows hackers to take control of OS X machines and steal data from them that is supposed to be encrypted.

    All the technique needs is access to the memory. A few lines of code will give the attacker access to the root memory, which is then written to establish a TCP connection, allowing the hacker to download malicious files and control the computer remotely. Mr. Zovi demonstrated how the attack can be used to hijack Apple’s Safari browser, stealing encrypted data from a user’s bank accounts.

    He states, “There is no magic fairy dust protecting Macs. Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun.”
    see link

  2. #2
    Major Mac Computer Security Flaw Found
    bobross's Avatar
    Member Since
    Aug 28, 2009
    Location
    Summerville, SC
    Posts
    47
    Specs:
    MacBook Intel 2.4, 10.6.1, XP Partition | 1st Gen Time Capsule | 5th Gen 30GB iPod
    Oh, forgot to ask, does anyone know if the improved security with SL addresses this matter?

  3. #3
    Major Mac Computer Security Flaw Found

    Member Since
    Feb 25, 2009
    Posts
    2,109
    Specs:
    Late 2013 rMBP, i7, 750m gpu, OSX versions 10.9.3, 10.10
    That article is a short blip of the highlights, and more fear tactics then anything (heck, considering how much appears to near about be straight pulls from Reuters, it could arguably be called plagiarism). If you read the full Reuters article ( Mac flaw could let hackers get scrambled data | Technology | Reuters ) that appears to have been used as reference for the article in your link you'd find that this persons attack ONLY works on already victimized machines.

    The technique that Dai Zovi unveiled on Wednesday -- dubbed "Machiavelli" -- only works on machines that have already been victimized. It can take control of Apple's Safari browser, stealing encrypted data from a user's bank accounts.
    If a machine is already infected (like through an illegal download or getting that well known "video plugin" or potentially some other method) then it'd be easy for any hacker who has control of that virus/trojan/etc. to be able to do many things on a system - especially if the user installed the trojan/virus/etc. using his/her administrator password, which means that now their machine is not only infected, but the malicious software also has full administrative access.

    Now, if this guy had created a hack with a few lines of code that worked on non-victimized machines, then I think it would be a much more major issue. Has a fix been made? No idea - I do know I had security patches for Leopard just a couple days before the SL leopard release, but I don't know what they did, nor do I know if SL would make that sort of an attack more difficult.

    But as I've said before, once a machine has been victimized, if the malicious code was handled right, the system is already an open door for publishing private information. And this is true for Windows as well as OSX.
    My Macs: Late 2013 rMBP w/ 750m; Mac mini G4, 1.25 GHz, 512m ram (server); Late 2011 11" MBA, 1.8GHz i7, 4Gig Ram, 256Gig SSD, HD3000; Powerbook 12" G4 1.33GHz running Debian as a server; Apple TV (1080p version)

  4. #4
    Major Mac Computer Security Flaw Found
    bobross's Avatar
    Member Since
    Aug 28, 2009
    Location
    Summerville, SC
    Posts
    47
    Specs:
    MacBook Intel 2.4, 10.6.1, XP Partition | 1st Gen Time Capsule | 5th Gen 30GB iPod
    Thank you for the clarification. That was very precise, informative and to the point. I'm a little embarrassed I didn't look deeper into it myself before posting.

  5. #5
    Major Mac Computer Security Flaw Found

    Member Since
    Feb 25, 2009
    Posts
    2,109
    Specs:
    Late 2013 rMBP, i7, 750m gpu, OSX versions 10.9.3, 10.10
    That's ok - honestly, I missed the link the first time through the article myself, and caught it after reading the comments at the bottom of the page. Being vigilant, like what you have read and brought forth, is definitely not a bad thing.

    People need to be aware that no matter how beautiful an OS is, it's still written by humans, and can and will contain flaws - the moment we disregard that fact is the moment that we begin a downward path into serious risk and potential trouble for both our computers as well as our lives (as so much of our lives are online now, gaining access to our private info could allow for easy theft of identities, property, etc.).

    I love my Mac, but I know OSX isn't perfect, and I won't pretend that what that researcher did isn't a potential concern, but the fact that it requires a already victimized system moves it a little lower on the concern scale.
    My Macs: Late 2013 rMBP w/ 750m; Mac mini G4, 1.25 GHz, 512m ram (server); Late 2011 11" MBA, 1.8GHz i7, 4Gig Ram, 256Gig SSD, HD3000; Powerbook 12" G4 1.33GHz running Debian as a server; Apple TV (1080p version)

  6. #6
    Major Mac Computer Security Flaw Found
    god0fgod's Avatar
    Member Since
    Jun 24, 2008
    Posts
    196
    Specs:
    Macbook White 2.13Ghz 160GB 10.6.4 (Buggy Version :() Snow Leopard
    The only thing I'm worried about is malware being downloaded by simply visiting infected websites. That happens with Windows. I'm not worried about malware which I have to download with notice because I'm not stupid.

  7. #7
    Major Mac Computer Security Flaw Found
    cwa107's Avatar
    Member Since
    Dec 20, 2006
    Location
    Lake Mary, Florida
    Posts
    26,758
    Specs:
    15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD
    Quote Originally Posted by god0fgod View Post
    The only thing I'm worried about is malware being downloaded by simply visiting infected websites. That happens with Windows. I'm not worried about malware which I have to download with notice because I'm not stupid.
    None of the exploits that have been discovered has ever evolved into an "in the wild" threat before Apple has patched it.

    And again, we're talking one or two exploits versus the thousands that effect Windows.

    As it stands today, there are a couple of trojans that one might encounter. One type is included with pirated Apple software (iWork '09 and Snow Leopard). The other is disguised as a video codec.

    In both cases, the user has to willfully install the software. With even a modicum of common sense, one can easily avoid these threats.
    Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!

    https://youtu.be/KHZ8ek-6ccc

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Mac OSX Lion Security Flaw
    By Ozell in forum OS X - Operating System
    Replies: 7
    Last Post: 03-04-2012, 08:58 PM
  2. LDAP flaw in OS X Lion opens major authentication security hole
    By BrianLachoreVPI in forum Apple Rumors and Reports
    Replies: 1
    Last Post: 08-29-2011, 02:37 PM
  3. iBook design flaw found
    By Kilted1 in forum Apple Rumors and Reports
    Replies: 7
    Last Post: 05-13-2007, 03:44 PM
  4. New Serious flaw found on OSX
    By Kyomii in forum OS X - Operating System
    Replies: 17
    Last Post: 02-22-2006, 07:58 AM
  5. Critical Flaw Found in Firefox
    By IChing in forum OS X - Operating System
    Replies: 0
    Last Post: 05-09-2005, 06:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •