March 14, 2009
Well-known security consultant Dino Zovi gave a demonstration at the security, business and technology
"Source Conference" in Boston this week, in which he broke into a Mac OS X system in an effort to
demonstrate that the operating system isn't as secure as some would believe.
Zovi explained that the heap memory in the Mac OS X operating system is poorly protected, and that it is
relatively easy to find the location of its various libraries.
So far, various security holes have been found in some applications and their system components that can
allow the contents of heap memory to be modified by a potential attacker.
"It is safe to assume that not all of these security holes have been fixed as of today, and that there
are more waiting to be found soon," said Zovi.
Zovi demonstrated a case in which a routine that doesn't properly check the length of a string writes it
to an area of memory that's too short to hold it, resulting in a buffer overflow.
He added that as few as 12 bytes of code are needed for this crack to work.
If a potential hacker can cause the contents of that string to include values that correspond to a useful
set of machine code instructions and have that deposited at a location that will be executed, it is possible
to gain full control of the operating system!
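The length check described above, as an added example (not code from Zovi's demonstration or from Apple): the unchecked copy pattern beside a checked form that refuses input too long for the destination. The buffer size, the `guard` field and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_SIZE   16          /* constructed buffer size */
#define GUARD_VALUE 0x5AFEC0DEu /* constructed marker for the adjacent field */

enum copy_status { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2 };

/* name is followed directly by other data, as a heap buffer usually is. */
struct record { char name[NAME_SIZE]; unsigned int guard; };

/* The pattern from the article: the length of src is never compared with
 * the size of dst. Shown for contrast only; nothing here calls it. */
void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Checked form: scan src for its terminator within dst_size bytes and copy
 * only if the whole string, terminator included, fits. On any failure dst
 * is left as an empty string, so no partial data is ever stored. */
enum copy_status copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    dst[0] = '\0';
    if (src == NULL)
        return COPY_BAD_ARG;
    const char *nul = memchr(src, '\0', dst_size); /* bounded scan */
    if (nul == NULL)
        return COPY_TOO_LONG;                      /* would not fit: reject */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return COPY_OK;
}

/* Stores input as the record name; the adjacent field must stay untouched. */
enum copy_status store_name(struct record *r, const char *input)
{
    r->guard = GUARD_VALUE;
    return copy_checked(r->name, sizeof r->name, input);
}

int main(void)
{
    struct record r;
    int st = store_name(&r, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); /* constructed input */
    printf("status=%d guard_intact=%d\n", st, r.guard == GUARD_VALUE);
    return 0;
}
```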
Zovi also said that Mac's Safari Web browser is regarded as one of the easiest to hack as well.
Charlie Miller, the winner of the Pwn2Own contest at CanSecWest last year, has predicted that Safari
will be the first browser to fall in 2009's contest as well.
Apple isn't unaware of these problems either. Zovi was also quick to point out, however, that the version
of OS X running on the iPhone isn't vulnerable to the methods he used in his demonstration.
Some observers think such attacks will probably become more difficult once Mac OS X 10.6, code-named 'Snow
Leopard', arrives, as its version of Address Space Layout Randomisation will be much more effective, making it
harder to determine the exact location of specific routines.
Writable memory will also be marked as non-executable at the same time, which will help complicate
matters even more.
The next "Source Conference" is scheduled for September 21 and 22, 2009 in Barcelona, Spain.
Source: "S. Conference 2009", Boston, MA.