    Mac Coming into Focus As Attack Target

    By Lisa Vaas - June 1, 2007

      Compared with Windows, the Macintosh platform is still largely untouched by vulnerability exploits. But the prompt release of exploit code for a vulnerability detailed in a May 24 set of updates shows that it's catching up fast when it comes to grabbing the attention of exploit writers.

      “It is very Microsoft. It's something we've grown to expect in Microsoft: The descriptions of patches lead people to write exploits for something that's been patched,” said Rob Enderle, principal analyst for the Enderle Group. “It was only a matter of time before that kind of behavior hit [the Mac] platform. People are going after consumers, and they're going after consumers broadly.”

      Security research company Immunity released the exploit code less than 24 hours after Apple had released a patch for the flaw. The exploit leveraged a buffer overflow vulnerability in the OS X mDNSResponder implementation, in the UPnP Internet Gateway Device Standardized Device Control code that's used to create port mappings on home NAT (Network Address Translation) gateways. Apple implements the protocol in its Bonjour technology to enable devices to automatically discover each other without users having to enter IP addresses or configure DNS servers.

      The release of the exploit code for this flaw shows that interest in Mac vulnerabilities is high, analysts say. That's not surprising; even though Macs aren't used as broadly in businesses as Windows machines, plenty of consumers use them, Enderle said. Another factor that may be causing attackers to focus more on Macs is that Windows operating systems are getting “much [harder] to penetrate,” he said. And to top it all off, Mac users constitute a “relatively lucrative demographic.”

      “These aren't bottom-feeding notebook buyers,” he said. “In overall terms, their number is small. But it's always been an attractive target, increasingly so since [Macs] lack secondary protections that Windows [users] enjoy [such as a rich selection of third-party security software], though the primary platform itself [has been] in many cases and still is more secure.”

      At any rate, as pointed out by Ray Wagner, an analyst at Gartner, nobody ever said OS X was impregnable. “Any large code base has vulnerabilities,” he said.

      So no, security analysts aren't heading for the hills over the specter of attackers paying more attention to the Mac platform. Rich Mogull, another Gartner analyst, said that the buzz in the hacker underground is that “the bad guys are targeting Macs a little more [but] not enough to be worried about yet.”

      Besides, one has to question the motivations behind the release of Mac exploit code, Wagner said.

      “Often the motivation is some kind of publicity,” he said. “Recognizing vulnerabilities in OS X does have some cachet these days.”

      Still, many analysts would like Apple to get more serious about security.

      “Apple is as much out of touch as Microsoft was half a decade ago,” Enderle said, pointing to the fact that Apple has no chief security officer. “Everybody has to take security seriously. There's no Switzerland when it comes to attacks. If you have something somebody wants, they're going to find a way to get it.”


      Another thing that analysts fault is Apple's lack of a solid patch process, one that's regularly scheduled, such as Microsoft's Patch Tuesday or Oracle's tri-monthly patch releases. “To date [Apple isn't] warning users much about problems and exposures,” Enderle said. “[It's] kind of easing into this, not embracing a security ecosystem that lets people get ahead of the curve and take care of problems before they occur. … [It tackles] individual problems and [it thinks that] if it fixes a given problem it will go away.”

      Mogull credits Apple with being increasingly responsive with putting out patches, in spite of not having a process as formalized as Microsoft's.

      Still, he said, there are things Apple should be doing to its operating system that would help to secure it.


      One such thing analysts would like to see in a Mac operating system is ASLR (address space layout randomization), a technology designed to place program code and data at randomized memory addresses, thus making it harder for an attacker to figure out addresses of critical functions and hence harder to get exploits running correctly. Microsoft implemented ASLR in Vista. Although Symantec discovered that ASLR's shuffling of the address space deck, randomly locating programs in memory, wasn't as random as expected, this technique of memory handling is one of multiple security enhancements in Vista that early adopters cite as their No. 1 reason to deploy the new operating system.

      But although Apple hasn't yet implemented ASLR, it has in fact recently added NX (No eXecute) bit support to its memory handling in Mac OS X for Intel (from version 10.4.4 onwards), Mogull noted. Sections of memory flagged with the NX bit attribute can only be used for storing data, meaning that commands shouldn't reside there and can't be executed if they do. This prevents attackers from exploiting buffer overflows, in which a buffer overflows and overwrites areas of memory that can be executable. (An attacker exploiting a buffer overflow sends commands to memory that is supposed to hold data, but since the processor can't tell the difference, it runs the commands instead.)

      “[Famed hacker] HD Moore [and his ilk] can get around that stuff. I sure can't,” Mogull said. “But it does offer extra protection.”
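
      As an added illustration (not part of the original article), the separation of data from code that NX enforces can be audited from a process's memory map. The C example below assumes the Linux /proc/<pid>/maps text format rather than anything specific to Mac OS X, runs on a constructed sample, and uses hypothetical names (nx_audit, audit_maps); it flags mappings that are both writable and executable and checks whether the stack or heap is executable.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (assumption: not
 * Mac OS X output and not data from the article). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1311 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:01 1311 /usr/bin/demo\n"
    "01b2c000-01b4d000 rw-p 00000000 00:00 0 [heap]\n"
    "7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0 \n"
    "7ffd5a1c0000-7ffd5a1e1000 rw-p 00000000 00:00 0 [stack]\n";

struct nx_audit {            /* hypothetical name, for illustration */
    int regions;             /* mappings parsed */
    int wx_regions;          /* writable AND executable mappings */
    int stack_exec;          /* 1 if [stack] is executable */
    int heap_exec;           /* 1 if [heap] is executable */
};

/* Walk the map text line by line and record NX-relevant findings. */
struct nx_audit audit_maps(const char *text)
{
    struct nx_audit a = {0, 0, 0, 0};
    while (*text) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        char line[512], perms[5];
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, n);
        line[n] = '\0';
        /* Field 2 is the permission string, e.g. "rw-p" or "r-xp". */
        if (sscanf(line, "%*lx-%*lx %4s", perms) == 1 && strlen(perms) == 4) {
            int w = perms[1] == 'w', x = perms[2] == 'x';
            a.regions++;
            if (w && x) a.wx_regions++;   /* data an attacker writes could run */
            if (x && strstr(line, "[stack]")) a.stack_exec = 1;
            if (x && strstr(line, "[heap]"))  a.heap_exec = 1;
        }
        text += len + (nl ? 1 : 0);
    }
    return a;
}

int main(void)
{
    struct nx_audit a = audit_maps(SAMPLE_MAPS);
    printf("regions=%d writable+executable=%d stack_exec=%d heap_exec=%d\n",
           a.regions, a.wx_regions, a.stack_exec, a.heap_exec);
    return a.wx_regions || a.stack_exec || a.heap_exec; /* nonzero = finding */
}
```

      In the constructed sample the stack and heap are data-only, while the one anonymous writable and executable mapping is the kind of region NX-style protection is meant to eliminate.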

      But there are also some services running on OS X that can be exploited, Mogull said. Input Managers in particular are well-known to be security flaws in Macs. An Input Manager is an aspect of text input, enabling such things as the entry of non-Arabic characters.

      But, as Matt Neuburg, a blogger on the Mac Internet community forum TidBITS, pointed out, the trouble is that input managers inject themselves into every application as it starts up. “Thus an Input Manager is a general, legal method to modify application behavior,” Neuburg writes. “Naturally it didn't take long for the thought to occur to someone that such modification need have nothing to do [with] inputting text! Thus, Input Managers—or, at least, bundles of code installed in a Library's InputManagers folder—are the basis of many popular hacks, including StuffIt Deluxe's MagicMenu feature, CocoaGestures, Smart Crash Reports, certain Growl Extras, PithHelmet (and SIMBL), Saft, Inquisitor, and many others (as those last examples show, this is a particularly popular way to hack Safari).”

      Input Managers were also used as part of one bug featured in the Month of Apple Bugs, on Jan. 22, 2007.


      Mogull is hearing that Input Managers, which allow attackers to execute arbitrary code when applications launch, will be locked down when Apple ships its next version.

      At any rate, in spite of what Apple still hasn't done with regard to security, there are Mac exploits, but there are no mass Mac exploits.

      Is this merely a function of Apple's small market share? Mogull grants that yes, the security shortcomings he sees in Mac OS X would mean that Apple might be having some problems if it had Microsoft's market share. Still, it's a pretty secure platform, he said. “It's not like it's wide open.” Even after the CanSecWest security conference, when hackers broke into a Mac in a Pwn-2-Own contest, Apple had the vulnerability patched within eight days, he noted.

      “Macs are not the bastions of security a lot of people would have you believe, but it's not like Apple's doing everything wrong, like some of the hacker types would have you believe,” Mogull said.

      Still, it will be a good day when the company gets its first CSO, he said.

      “If we saw Apple getting up and warning people about things people are using to penetrate [its operating system], and talking about practices beyond patching, and embracing Symantec [and its Macintosh security products] instead of treating them like you would any other evil,” it would all be for the good, he said.

      “At some point you have to step up to full responsibility of protecting your platform, and that means being aggressive about protection.”


      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
