Maliciously Attack Mac OS X and Leave No Trace
Article by George Norman
On 26 Jan 2009
It would seem that the Trojan that comes bundled with pirated versions of iWork ’09 is not the only security issue affecting Mac OS X. An Italian researcher has discovered a means of attacking the operating system by injecting executable code directly into memory without leaving a telltale trace behind. Without that trail, it would be nearly impossible for security researchers and security software to detect an attack.

“My attack is an implementation of a technique called userland-exec. This technique makes it possible to launch an executable on a machine without invoking the kernel and that it is present on your disk. But it cannot be considered a vulnerability in the usual sense. In fact, the attack is made possible in practice because of an inherent problem of Mac OS X that has long been known, namely the lack of randomization of the dynamic linker within the space of processes,” said Vincenzo Iozzo, the Italian researcher mentioned above, in an interview for oneITsecurity.

According to Vincenzo Iozzo, the technique does not make life easier for would-be Mac OS X hackers; it simply allows an attacker to inject an entire executable as opposed to just a shellcode, thus making it a lot easier to execute malicious code on the targeted system. Not only is this technique groundbreaking (you could not inject entire .exe files before), it also cleans up after itself, leaving no trace whatsoever on the targeted machine (once it is shut down). The only way one could detect the attack is by using a network intrusion detection system or an anomaly intrusion detection system.

Vincenzo Iozzo plans to present more in-depth details and a proof-of-concept exploit during his “Let Your Mach-O Fly” presentation, which will be held at the Black Hat Conference this February in Washington, DC.
