
OS 10.5 - Major Mac Computer Security Flaw Found


bobross

 
Very interesting -
leading Mac researcher Dino Dai Zovi has unveiled a new attack at the chic Black Hat security conference in Las Vegas. The new technique allows hackers to take control of OS X machines and steal data from them that is supposed to be encrypted.

All the technique needs is access to the memory. A few lines of code will give the attacker access to the root memory, which is then written to establish a TCP connection, allowing the hacker to download malicious files and control the computer remotely. Mr. Zovi demonstrated how the attack can be used to hijack Apple’s Safari browser, stealing encrypted data from a user’s bank accounts.

He states, “There is no magic fairy dust protecting Macs. Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun.”
see link
bobross

 
Oh, forgot to ask, does anyone know if the improved security with SL addresses this matter?
Nethfel

 
That article is a short blip of the highlights, and more fear tactics than anything (heck, considering how much appears to near about be straight pulls from Reuters, it could arguably be called plagiarism). If you read the full Reuters article (Mac flaw could let hackers get scrambled data | Technology | Reuters) that appears to have been used as reference for the article in your link you'd find that this person's attack ONLY works on already victimized machines.

Quote:
The technique that Dai Zovi unveiled on Wednesday -- dubbed "Machiavelli" -- only works on machines that have already been victimized. It can take control of Apple's Safari browser, stealing encrypted data from a user's bank accounts.
If a machine is already infected (like through an illegal download or getting that well known "video plugin" or potentially some other method) then it'd be easy for any hacker who has control of that virus/trojan/etc. to be able to do many things on a system - especially if the user installed the trojan/virus/etc. using his/her administrator password, which means that now their machine is not only infected, but the malicious software also has full administrative access.

Now, if this guy had created a hack with a few lines of code that worked on non-victimized machines, then I think it would be a much more major issue. Has a fix been made? No idea - I do know I had security patches for Leopard just a couple days before the SL leopard release, but I don't know what they did, nor do I know if SL would make that sort of an attack more difficult.

But as I've said before, once a machine has been victimized, if the malicious code was handled right, the system is already an open door for publishing private information. And this is true for Windows as well as OSX.

My Macs: Late 2013 rMBP w/ 750m; Mac mini G4, 1.25 GHz, 512m ram (server); Late 2011 11" MBA, 1.8GHz i7, 4Gig Ram, 256Gig SSD, HD3000; Powerbook 12" G4 1.33GHz running Debian as a server; Apple TV (1080p version)
bobross

 
Thank you for the clarification. That was very precise, informative and to the point. I'm a little embarrassed I didn't look deeper into it myself before posting.
Nethfel

 
That's ok - honestly, I missed the link the first time through the article myself, and caught it after reading the comments at the bottom of the page. Being vigilant, like what you have read and brought forth, is definitely not a bad thing.

People need to be aware that no matter how beautiful an OS is, it's still written by humans, and can and will contain flaws - the moment we disregard that fact is the moment that we begin a downward path into serious risk and potential trouble for both our computers as well as our lives (as so much of our lives are online now, gaining access to our private info could allow for easy theft of identities, property, etc.).

I love my Mac, but I know OSX isn't perfect, and I won't pretend that what that researcher did isn't a potential concern, but the fact that it requires an already victimized system moves it a little lower on the concern scale.

god0fgod

 
The only thing I'm worried about is malware being downloaded by simply visiting infected websites. That happens with Windows. I'm not worried about malware which I have to download with notice because I'm not stupid.
cwa107

 
Quote:
Originally Posted by god0fgod
The only thing I'm worried about is malware being downloaded by simply visiting infected websites. That happens with Windows. I'm not worried about malware which I have to download with notice because I'm not stupid.
None of the exploits that have been discovered has ever evolved into an "in the wild" threat before Apple has patched it.

And again, we're talking one or two exploits versus the thousands that affect Windows.

As it stands today, there are a couple of trojans that one might encounter. One type is included with pirated Apple software (iWork '09 and Snow Leopard). The other is disguised as a video codec.

In both cases, the user has to willfully install the software. With even a modicum of common sense, one can easily avoid these threats.

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!