Stephen Withers
Friday, 13 March 2009 05:16
IT Policy -
Regulation
Page 1 of 2
A well-regarded security consultant has shown just how easy it can be to take illicit control of Mac OS X.
Security consultant Dino Dai Zovi has given a demonstration to the SOURCE security, business and technology conference in Boston in which he broke into a Mac and took photos with its iSight camera.
Dai Zovi explained that Mac OS X's heap memory is poorly protected, and that it is relatively easy to find the location of various libraries.
Various flaws have been found in applications and system components that allow the contents of heap memory to be modified. It is practically certain that not all of these flaws have been fixed, and that there are more waiting to be found.
For example, if a routine doesn't check the length of a string properly, it can be written to an area of memory that's too short to hold it, resulting in other values being overwritten.
If an attacker can cause the contents of that string to include values that correspond to a useful set of machine code instructions and have that deposited at a location that will be executed, it is possible to gain control of the system.
Dai Zovi said that as few as 12 bytes of code are needed for this purpose.
What's the future for Mac OS X security? Please
read on.
