Mac OS X easy to crack, says researcher

By Stephen Withers
Friday, 13 March 2009 04:16

Regulation

Page 1 of 2
A well-regarded security consultant has shown just how easy it can be to take illicit control of Mac OS X.
Security consultant Dino Dai Zovi has given a demonstration to the SOURCE security, business and technology conference in Boston in which he broke into a Mac and took photos with its iSight camera.

Dai Zovi explained that Mac OS X's heap memory is poorly protected, and that it is relatively easy to find the location of various libraries.

Various flaws have been found in applications and system components that allow the contents of heap memory to be modified. It is practically certain that not all of these flaws have been fixed, and that there are more waiting to be found.

For example, if a routine doesn't check the length of a string properly, it can be written to an area of memory that's too short to hold it, resulting in other values being overwritten.

If an attacker can cause the contents of that string to include values that correspond to a useful set of machine code instructions and have that deposited at a location that will be executed, it is possible to gain control of the system.

Dai Zovi said that as few as 12 bytes of code are needed for this purpose.

What's the future for Mac OS X security? Please read on.


«StartPrev12NextEnd»

SPONSORED PRESS RELEASES

Independent Research Shows High Customer Satisfaction for NetSuite
NetSuite Inc. (NYSE: N), a leading vendor of cloud computing business management software suites, today announced that technology advisory firm Nucleus Research has completed an independent survey of NetSuite customers and concluded that NetSuite customers are highly satisfied, l...
Websense Security Labs Reports ‘User Trust’ Targeted Attacks; Over 1 in 10 ‘Top Search’ Results Categorised as Malware; Increased Focus on Web 2.0
ComOps Scoops Leading Position in SmartCompany Dun and Bradstreet IT Company Growth List
F5 APAC CIO Survey Underscores Need for Proactive Approach to Application Delivery and Cloud Computing
F5 Delivers Next-Generation Application Delivery Services Giving Enterprises More Control with Context-Aware Networking
WatchGuard Enhances Security Software
engin Launches Hosted Phone System for Australian Small Business

Featured IT jobs

Melbourne
Senior Software consultant
Senior Software consultant responsible for providing support on a unique enterprise level software solution for various customers, Melbourne based!
Skills Tags:   IT  ITIL  Linux  Management  RFP  Unix
Sydney
Database Developer - SQL Server 2005
This financial client has an excellent opportunity for an experienced Database Developer. SQL 2005 Some Schema design + SSIS & SSRS - 80k+super
Skills Tags:   Design  Development  SQL  SQL Server
Melbourne
Hyperion Planning Consultant
Massive Hyperion Project requires a Hyperion Planning Architect / Lead Developer - drive home a huge Hyperion solution.
Skills Tags:   Architect  Design  Development  Hyperion
Sydney
OBIEE BI/DW Consultant
OBIEE Consultant to work on a very large greenfield OBIEE implementation to date to work end-to-end with excellent modelling & BI Server skills
Skills Tags:   Business Intelligence  Cognos  Hyperion  Informatica  Oracle  SQL

Editors Picks

Stories you may have missed

How YouTube is killing mobile networks, and what to do about it

Microsoft Surface slips into Australia

Wikileaks is back from the brink
 

What iTWire offers for free

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases