
SANS ISC: Vulnerability Exploit for Snow Leopard - Internet Security | DShield SANS ISC InfoSec Forums


Vulnerability Exploit for Snow Leopard

Today there was a brief discussion among a few Handlers regarding the vulnerability reported by Microsoft in March.  The discussion was not so much on the fact that there was an exploit for a Mac OS, or that it was published by Microsoft.  The discussion was focused on the sense of complacency that has seemed to develop around Mac products where security is concerned.

Looking back to 2001, Larry Ellison proudly proclaimed Oracle was ‘unbreakable’. (That statement proved to be untrue, and the hacking community gladly pointed that out to Oracle very quickly.) At the time he most likely based his statement on the fact that there were no known vulnerabilities in the database application at the time. And, at that moment in time, it may have been true. But time marches on....

While the Mac operating systems may not have the number of vulnerabilities that exist in other operating systems, they do exist, and it is only a matter of time before those vulnerabilities play out in the public.  We as security professionals would be wise to look at the history of end-user platforms and plan accordingly.  It is only a matter of time, as the exposure of these systems increases, the number of reported vulnerabilities will increase.

Thoughts?

tony d0t carothers - gmail

Tony

150 Posts
ISC Handler
From http://www.apple.com/why-mac/faq/#viruses

> Is a Mac safe from PC viruses?
> Yes.

Agreed, some text follows that puts things in perspective. However, the ending sentences

> And Apple continually makes free security updates available for Mac owners. You can even have them download automatically.

make me wonder when Apple wrote this.

Regarding Oracle: published vulnerabilities go back to at least 1996, see http://catless.ncl.ac.uk/Risks/17.88.html#subj8 (source: Google cache of attrition.org which appears to be down, or visit http://web.archive.org/web/20110624233211/http://attrition.org/security/rant/oracle01/ ).
Erik van Straten

122 Posts
"> Is a Mac safe from PC viruses?
> Yes."

And a PC is safe from Mac viruses. That's because a Mac cannot open a .EXE and a PC cannot open a .DMG.

Neither is safe from multi-platform malware that exploits a common multi-platform application vulnerability such as Flash/Java and contains two different payloads, one of which is deployed dependent on which platform has been compromised.

Mysid

146 Posts
The final paragraph is the most telling -- it's not the OS exploits that are the biggest risk anymore, it is the APPLICATION vulnerabilities. All vendors need to work on making their app updates manageable and find effective ways to get customers to keep up!
Paul

44 Posts
Oracle to bring Java security fixes directly to Mac user ...
- http://atlas.arbor.net/briefs/index#-1272909644
Severity: Elevated Severity
Published: Monday, April 30, 2012 16:24
Oracle is now providing a direct version of Java to OSX users.
Analysis: This is a positive development that will hopefully reduce OSX malware. The lag in patch time between Oracle and Apple has been a thorn in the side of security for some time and the pain of the recent Flashback trojan, the SabPub trojan, and now another OSX malware using the same Java security hole has been significant enough that users should migrate towards Oracle Java as soon as possible. Cyber criminals are aware that OSX is a viable platform for malware, and will have their eyes open for other gaps in coverage...
Jack

160 Posts
@MySid: there is no such thing as a "PC virus" and a Mac _is_ a PC.

Of course I agree that the answer to "Does a Mac running IOS prevent MS Windows binary malware from executing?" is yes.

However, if you read the answer to the "FAQ", an experienced reader can see that the question "Is a Mac safe from PC viruses?" is deliberately marketing speak targeting noobs. The intended audience will interpret this FAQ as "Is a Mac invulnerable to malware?".

In the college my wife works at, all pupils and staff are switching from PCs running Windows to MacBook Pros. Why? Because supposedly there is no malware for Macs.
Erik van Straten

122 Posts
As Apple gains more of the market share, their products will be attacked more. Third-party application attacks used to be created mainly for Windows systems but now more are including Mac exploits as well.

Brian Krebs wrote an article back in 2006 titled "Bringing Botnets Out of the Shadows" which mentioned a botnet I was doing research on that consisted of Linux and Mac systems. The mere mention of this caused a firestorm, to say the least. The complaints were coming from those that can be considered "fans" of their products.

The funny thing? The very computers they typed their outrage on are now vulnerable to the Java exploit, forever until the end of time. :) Oh, the irony.

Denying the possibility of security vulnerabilities for Mac systems is dangerous to their end users (which of course, includes me).
@Miss_Sudo

12 Posts
While we aren't seeing much news on it, I'm pretty sure there are a lot of Apple computers out there still infected w/ Flashback. Surprising the number of 10.6 and 10.7 users that simply don't update (or don't know how to which is scary), let alone those running unsupported versions just being left hanging.

http://www.zdnet.com/blog/bott/oxford-university-it-staff-somewhat-overwhelmed-by-mac-malware/4937
Dean

135 Posts
http://www.zdnet.com.au/flashback-infections-on-the-rise-intego-339337429.htm
Dean

135 Posts
