I guess Black Hat just gets hackers excited and optimistic for more bad news. This leads them to believe, for example, that Apples move to x86 for the Mac will make the platform less secure.
Claims like these raise basic questions about what creates a vulnerability in an operating system and how attackers exploit them. The short answer is that rarely, if ever, are the existence of vulnerabilities related to the specifics of one processor architecture versus another.
And the fact that a programmer may be familiar with programming Windows on an x86-based system is of only small advantage to him (or her) when attacking Mac OS on that same system.
One other argument for why its easier to exploit x86 chips is the old CISC vs. RISC debate, but essentially in reverse. The notion is that its easier to program CISC processors in assembly language, so its easier to write exploit code. This has only the slightest suggestion of truth to it.
On top of being largely irrelevant, its not even as true as it might seem. The PowerPC instruction set is famous for being the most complex of RISC instruction sets. It does have many RISC characteristics like regular instruction formats (all 32-bit), but it does many unRISCy things, like permitting misaligned data access.
For many, but not all types of vulnerability research, researchers need to be able to trace through programs in a debugger, examining their behavior at the most basic level to see if there are ways to exploit it.
So you absolutely need some familiarity with assembly language programming, although you dont really need to be a good programmer. (Its always easier to break something than to build it.)
And once you find a vulnerability, you need to exploit it and, usually, to inject and execute “shell code,” which is a software environment in which you can execute arbitrary commands.
Most programmers pull existing shell code out of other exploits that are easily available and certainly there are some around for PowerPC. But even if you had to write one, I suspect it would be easier to write it in C and compile it.
If you ever look at exploit code that gets passed around on the Internet, its usually mostly C with a big block of data that comprises the shell code declared as hex values. Theres a lot more assembly analysis than assembly programming to exploitation.
And its not uncommon for vulnerabilities on operating systems and applications that support multiple CPUs to be exploitable on all of those processors.
The vulnerability is in the structure of the program, not strictly in the implementation generated by the compiler. Youre far more likely to be able to leverage an exploit from the PowerPC Mac OS on the x86 Mac OS than you are an x86 Windows attack on x86 Mac OS.
Apple has had no shortage of vulnerabilities disclosed in the last several years. FRSirt lists 33 for the last year, and 13 of them are rated as “critical.”
Why were there no major exploits of these vulnerabilities? Was it because they were too hard to do? Of course not. They werent worth exploiting because there are a dearth of actual Mac systems out there, and they have reasonably good defenses available to them.
So what changes when the Mac moves to x86? If Apples market-share shoots up and attackers suddenly have a better shot of finding Macs to attack, then more malware will be written to the Mac. But it wont be any easier to exploit for being on x86.
Lots of real vulnerability news comes out of the average Black Hat conference, but theres also typically a share of weird ideas out of left field, and this is one of them.
Perhaps those black hats are on a bit too tight for the arteries in the brain.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
More from Larry Seltzer