Thursday, February 19, 2009

New Hacking Method Stealthily Attacks Macs With Malware

Neil Roiter writes on

The good news, those Macs, especially the notebooks in the C-Suite, are getting very popular. The bad news is the days when it was redundant to say "Mac" and "secure" are probably gone.

Mac vulnerabilities are starting to draw attention. With valuable data on corporate notebooks and with a lot more home Mac users shopping and banking online, they are likely to draw attention from Internet criminals.

They're already drawing attention from Internet security researchers, like Italian researcher Vincenzo Iozzo, who showed a Black Hat crowd Wednesday how to inject malicious code into Mac OS X memory. The method leaves no trace of the code, his presence or any sign the attack occurred, frustrating forensics investigators.

"The OS kernel doesn't know about it," he said. "If we list processes on the victim's computer, you won't see our infected binary. And, this means we can write payloads in a high-level language."

The technique subverts the Mach-O file format, which is used to store OS X binaries on disk. The attack binary changes the protection flags on Mach-O's PAGE_ZERO segment, which is used to store malicious code. Iozzo, a student at the Politecnico di Milano University, said the attack can also overcome the address pace layout randomization for libraries introduced with Leopard. ASLR is designed to defeat attacks like his by randomizing memory locations of executables.

More here.


Post a Comment

<< Home