"Macs are as easy to hack as they are to use", according to researcher Charles Miller.
Miller and his colleagues at Independent Security Evaluators discovered the first known vulnerability within the Apple iPhone.
During his presentation, "Hacking Leopard: Tools and techniques for attacking the newest Mac OS X", at the recent Black Hat conference, Miller said that, for some reason, the Mac OS has more than 50 suid root programs.
Suid stands for "set user ID": a suid root executable runs with root privileges regardless of which user launches it, temporarily elevating privileges to perform a specific task.
Given the root access provided by these tools, they provide at least one vector for attack.
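A defender's inventory of the suid root programs described above, as an added example that is not from Miller's talk or this article: it walks a directory tree, lists regular files that carry the set-user-ID bit and are owned by a given UID (root by default), and diffs the result against a reviewed baseline. The function names, the script name and the one-path-per-line baseline format are assumptions.

```python
import os
import stat
import sys


def is_setuid_owned(mode, uid, owner_uid=0):
    """True for a regular file with the set-user-ID bit, owned by owner_uid."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID) and uid == owner_uid


def find_setuid(root, owner_uid=0):
    """Walk root without following symlinks; return sorted matching paths."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never judge a symlink by its target
            except OSError:
                continue  # vanished or unreadable entry; skip it
            if is_setuid_owned(st.st_mode, st.st_uid, owner_uid):
                hits.append(path)
    return sorted(hits)


def diff_baseline(current, baseline):
    """Return (added, removed) path lists relative to a reviewed baseline."""
    cur, base = set(current), set(baseline)
    return sorted(cur - base), sorted(base - cur)


if __name__ == "__main__":
    # Usage (hypothetical file name): python suid_audit.py /usr suid-baseline.txt
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr"
    found = find_setuid(root)
    baseline = []
    if len(sys.argv) > 2:
        with open(sys.argv[2]) as fh:  # assumed format: one path per line
            baseline = [line.strip() for line in fh if line.strip()]
    added, removed = diff_baseline(found, baseline)
    print(f"{len(found)} setuid-root files under {root}")
    for path in added:
        print("NEW     ", path)
    for path in removed:
        print("MISSING ", path)
```

Entries reported as NEW after a software update are the ones to review, since each adds a program that runs as root on behalf of any local user.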
Another vector is Safari, which, when opened, also opens several applications, including: Address Book, Finder, iChat, Script Editor, iTunes, Dictionary, Help Viewer, iCal, Keynote, Mail, iPhoto, QuickTime Player, Sherlock, Terminal, BOMArchiveHelper, Preview and DiskImageMounter.
A flaw in any one of these could be easily exploited over the web. That's because Apple's operating system doesn't randomise the location of the stack, the heap, the binary image or the dynamic libraries, meaning an attacker would know where in memory these applications are loaded on almost every machine running Mac OS X.
Open source is yet another vector for new attacks on Apple Macs.
Miller said that, on 31 July, Apple did update its version of Samba, but that was the first update in two and a half years, and the latest version still fell short of the current open-source version.
Miller said his formula for finding a zero-day flaw on a Mac is this: "Find an open-source package that they use that's out of date — there's, like I said, plenty of those."
He then suggested reading through the change log for the current version of such an open-source package to find a usable bug that has been fixed in the newer version but is still present in the version shipped to Mac OS X users.
Miller said, by doing this, "you won't have to worry about static analysis or fuzzing or any of that stuff".
Several attempts to contact Apple for comment on this story went unanswered.






Talkback
Aided in no small way by ZDNET
Thanks for your message Longmover. It's certainly not our intention to spread FUD. We are, however, reporting the opinions of a high-profile individual, which he is entitled to, whatever his motives might be. I'm keen to point out that, while Macs can of course be targeted by hackers, it's certainly not the only platform under threat!
We Mac users are a small yet faithful minority in the realm of computer users. While the news of MacHackers is up this year, it won't dissuade me from buying a new one come December.
Well indeed. There are fewer loyal groups of followers than Mac users! And I'm quite a fan myself for certain tasks. Certainly our video producers here are extremely attached to them.
There has been a stream of attacks on Macs recently, but I think you have to keep it in proportion with the number of attacks on Windows.