
OS X is clearly on the radar of exploit-developers.

Published: 2006-02-24
Last Updated: 2006-02-24 23:49:44 UTC
by Kevin Liston (Version: 1)
0 comment(s)

Love it or hate it, OS X users need to exercise increased vigilance.

Soon, even your beloved little Mac laptop will be spending its spare CPU cycles sending out advertisements for Viagra and Cialis.

The recent news of these vulnerabilities in OS X is getting plenty of attention.  Some would argue that things are being blown out of proportion, and I think there is some lazy journalism and sensationalism afoot.  Yet, as with any FUD-storm, there is usually a kernel of truth.  In this case that kernel is neither small nor insignificant.

A quick review of some critical points:

  • The OS X Finder issue allows arbitrary code execution.
  • Proof-of-concept code demonstrating this vulnerability exists.
  • Easy-to-use tools that actively exploit it are already in the wild.

  • The Bluetooth directory traversal vulnerability (Bugtraq ID 13491) allows an attacker to access arbitrary files on the system.
  • Malicious code that exploits it is in the wild (OSX.Inqtana.A; no CME identifier is available).

  • OS X does not apply consistent controls to a file's header (what the file actually is) and its icon (what the user is shown), so an executable can be made to look like a harmless document.
  • This was exploited by OSX.Leap.A.
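The header-versus-icon disparity above is the kind of thing a scanner can check directly. The following is an added example, not code from this diary or from Apple: it classifies a file by the magic bytes at the start of its contents and compares that with what the file name claims it is, reporting an executable that presents itself as an image. The file extension stands in for "what the user is shown"; a real Finder icon can also come from a custom icon resource, which this example does not inspect, and the sample files are constructed inline.

```python
"""
Added example: flag files whose header says "executable" while their name
(and therefore the icon a desktop shows for them) says "image".
"""
import os

# Mach-O magic numbers in both byte orders, plus the fat/universal header.
# Note: 0xCAFEBABE is shared with Java class files; either way it is
# executable content, not an image, so the coarse verdict is the same.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit, big/little endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit
    b"\xca\xfe\xba\xbe",                        # fat (universal) binary
}

# What a given extension claims the file is (the "icon" side of the check).
EXT_KINDS = {
    "jpg": "jpeg image", "jpeg": "jpeg image",
    "png": "png image", "gif": "gif image",
    "sh": "script",
}

EXECUTABLE_KINDS = {"mach-o executable", "script"}


def sniff_kind(data: bytes) -> str:
    """Derive a coarse content kind from the first bytes only (the header side)."""
    if data[:4] in MACHO_MAGICS:
        return "mach-o executable"
    if data.startswith(b"#!"):
        return "script"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg image"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png image"
    if data.startswith(b"GIF87a") or data.startswith(b"GIF89a"):
        return "gif image"
    return "unknown"


def claimed_kind(filename: str) -> str:
    """What the file name claims; 'unknown' for extensions we do not model."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return EXT_KINDS.get(ext, "unknown")


def check_file(filename: str, data: bytes) -> dict:
    """Compare claimed kind with sniffed kind and return a verdict record."""
    claimed = claimed_kind(filename)
    actual = sniff_kind(data)
    if actual in EXECUTABLE_KINDS and claimed != actual:
        # The Leap.A pattern: executable content behind a non-executable name.
        verdict = "disguised executable"
    elif "unknown" in (claimed, actual):
        verdict = "undetermined"
    elif claimed == actual:
        verdict = "consistent"
    else:
        verdict = "mismatch"
    return {"file": filename, "claimed": claimed, "actual": actual, "verdict": verdict}


def scan(samples: dict) -> list:
    """Run check_file over a {filename: bytes} mapping."""
    return [check_file(name, data) for name, data in samples.items()]


# Constructed sample files; names and contents are illustrative only.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,     # honest JPEG header
    "pics.jpg": b"\xce\xfa\xed\xfe" + b"\x00" * 16,      # Mach-O behind a .jpg name
    "notes.png": b"#!/bin/sh\necho hi\n",                # shell script behind a .png name
    "run.sh": b"#!/bin/sh\n",                            # honest script
    "readme.txt": b"hello",                              # nothing we model
}

if __name__ == "__main__":
    for rec in scan(SAMPLES):
        print(f"{rec['file']:12} claimed={rec['claimed']:18} actual={rec['actual']:18} {rec['verdict']}")
```

The check is deliberately coarse: it only asks whether the bytes that determine how the OS will treat a file agree with the presentation the user is given, which is precisely the control the diary says OS X lacks.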

Secure or easy-to-use: pick one.  "Security is a compromise" is a well-known axiom.  With as little hype as possible, I suggest only that now is the time for Mac users to seriously consider anti-virus, personal firewalls, and safe browsing habits, and for Mac sysadmins to develop strong patch management policies.  It likely also means that a Mac is no longer the no-brainer choice of computer for your parents.

It would also be simply splendid if Jobs would release his patch clusters on any day other than MS Tuesday.
