Sophisticated new technique could allow for stealthier Mac attacks

“Fans of Apple computers often boast about superior security. But as Macs have gained in popularity over the past few years, this has brought much more attention from hackers. At a presentation scheduled to take place today at the Black Hat DC computer-security conference in Washington, DC, one security expert will reveal a technique for attacking the Mac operating system–OS X–without leaving a trace,” Erica Naone reports for Technology Review.

“Similar techniques have targeted both Windows and Linux machines for several years. They allow an attacker to cover her tracks, eliminating vital evidence that an investigator might normally use to prove that a machine has been compromised; they might also allow the investigator to put together details of the incident. Bringing the technique to the Mac, however, required a significantly more sophisticated approach,” Naone reports.

“Vincenzo Iozzo, a student at the Politecnico di Milano, in Italy, explains that the technique allows an attacker to break into a machine without leaving a trace in its permanent memory, which means that evidence of the attack will disappear as soon as the victim’s computer is turned off,” Naone reports.

“Predicting where to inject the malicious code is made more difficult by a security feature in OS X that stores the variables needed to keep the attack untraceable in random locations within memory. However, Iozzo discovered a way to anticipate where the variables would be stored based on pieces of information that remain unchanged,” Naone reports.

“Iozzo says that it may take time for Apple to respond to his technique because it exploits fundamental elements of the operating system’s structure that can’t be changed with a simple software patch. He says that it may require a larger upgrade, such as the introduction of the new version of OS X, called Snow Leopard, which is scheduled to ship in 2010,” Naone reports.

Full article here.

MacDailyNews Note: Apple’s Mac OS X Snow Leopard information webpage was posted online in June 2008 and has always stated, “scheduled to ship in about a year.” This puts Mac OS X Snow Leopard’s release around June 2009, less than 4 months from now, not “in 2010.” As for Iozzo’s technique: it’s interesting, but nothing much to worry about right now, if ever, and should ultimately help Apple to bolster Mac OS X’s already very robust security.
