What Apple should do to make Leopard more secure

Subrosasoft's MacForensicLabs has published a white paper describing vulnerabilities in the Mac OS X operating system and making recommendations to Apple on how to reduce or eliminate them.
The white paper identifies three key aspects of OS X that it says could be exploited: the 'bundle' architecture under which the many files associated with an application are bundled together and appear to the user as a single file; the fact that the application folder in which these files are stored has no access restrictions; and the centralised Address Book application whose database can be read and written by any program running on the computer.

Components of an application 'bundle' could include multiple executables for different platforms such as Classic Mac OS, PowerPC or Intel-based computers, multiple language files so that a single copy of the application bundle can be used in different countries and appear in the native language of that country, graphics, buttons and media resources used within the application and help files, manuals, etc.

According to the White Paper, "The structure of the bundle architecture makes it easier to piggyback executable code within an existing trusted application by simply renaming the existing executable [eg] iTunes found in the [applications folder] and inserting a second executable into the [applications] folder with the original's executable name. When the user executes the bundle (in this case iTunes.app) the virus code would execute instead. The virus would then launch the renamed iTunes executable so that the user would not be aware they had run the wrong program."
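
A defender can check a bundle for both conditions described above: paths that other accounts can write to, and a second executable sitting beside the one the bundle declares. The Python sketch below is an added example, not code from the white paper or from Apple. It assumes the standard bundle layout (`Contents/Info.plist` with a `CFBundleExecutable` key, executables under `Contents/MacOS`), and the `Sample.app` bundle it builds is constructed for the demonstration.

```python
import plistlib, stat, sys, tempfile
from pathlib import Path

def audit_bundle(bundle):
    """Return (kind, name) findings for one .app bundle: review candidates, not verdicts."""
    bundle = Path(bundle)
    macos = bundle / "Contents" / "MacOS"
    with open(bundle / "Contents" / "Info.plist", "rb") as fh:
        declared = plistlib.load(fh).get("CFBundleExecutable")
    if not declared:
        return [("no-declared-executable", "Info.plist")]
    findings = []
    # A path writable by group/other can be renamed or replaced by another account.
    for p in (bundle, macos, macos / declared):
        if p.exists() and p.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(("writable", p.name))
    # Executables other than the declared one. Helper tools are legitimate, but a
    # renamed original sitting beside its replacement is reported here too.
    for p in (sorted(macos.iterdir()) if macos.is_dir() else []):
        if p.is_file() and p.stat().st_mode & 0o111 and p.name != declared:
            findings.append(("extra-executable", p.name))
    return findings

def build_sample_bundle(root, swapped):
    """Constructed sample: a minimal fake bundle, optionally in the swapped state."""
    bundle = Path(root) / "Sample.app"
    macos = bundle / "Contents" / "MacOS"
    macos.mkdir(parents=True)
    with open(bundle / "Contents" / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleExecutable": "Sample"}, fh)
    for name in (["Sample", "Sample.orig"] if swapped else ["Sample"]):
        (macos / name).write_text("#!/bin/sh\nexit 0\n")
        (macos / name).chmod(0o755)
    bundle.chmod(0o755)
    macos.chmod(0o777 if swapped else 0o755)  # 0o777 models "no access restrictions"
    return bundle

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit real bundles given on the command line
        for arg in sys.argv[1:]:
            print(arg, audit_bundle(arg))
    else:  # otherwise run against the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            print(audit_bundle(build_sample_bundle(tmp, swapped=True)))
```

An `extra-executable` finding only means the file deserves a look, since many bundles ship helper tools; comparing results against a baseline taken from a known-good install narrows the list.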

Mac OS X also makes use of the bundle architecture for storage of user documents in many modern applications such as iMovie, iDVD, and the many pro tools. These bundles typically have their file extension marked invisible so, the white paper says, "it is possible to disguise an executable program as a data 'file' for such a tool. These bundles can open both their own malware code as well as the desired real application whilst conserving the look and feel of the real data."