SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

OS X is clearly on the radar of exploit-developers.

Love it or hate it, OS X users need to exercise increased vigilance.

Soon, even your beloved little Mac laptop will be spending its spare CPU cycles sending out advertisements for Viagra and Cialis.

The recent news of these vulnerabilities in the OS is getting plenty of attention. Some would argue that things are being blown out of proportion. I think there is some lazy journalism and sensationalism afoot. Yet, as with any FUD-storm, there is usually some kernel of truth. In this case, this kernel is not so small and insignificant.

A quick review of some critical points:

  • The OS X Finder issue allows arbitrary execution of code.
  • There exists proof-of-concept code that demonstrates this vulnerability.
  • There exist easy-to-use tools in the wild to actively exploit this vulnerability.

  • The Bluetooth directory traversal vulnerability (Bugtraq ID 13491) allows an attacker to access arbitrary files on the system.
  • There exists malicious code in the wild that exploits this (OSX.Inqtana.A; no CME available).

  • OS X has a disparity of controls when it comes to file headers and file icons. 
  • This was exploited by OSX.Leap.A

Secure or Easy-to-Use: Pick one. "Security is a compromise" is a well-known axiom. In an effort to use as little hype as possible, I only suggest that now is the time for Mac users to seriously consider anti-virus, personal firewalls, and safe browsing habits. It is the time for Mac sysadmins to develop strong patch management policies. This likely means that a Mac is no longer the no-brainer choice for what computer to get for your parents.

It would also be simply splendid if Jobs would release his patch clusters on any day other than MS Tuesday.

Kevin Liston

ISC Handler
Feb 24th 2006
