Article

New hacking method stealthily attacks Macs with malware

Neil Roiter

ARLINGTON, Va. -- The good news, those Macs, especially the notebooks in the C-Suite, are getting very popular. The bad news is the days when it was redundant to say "Mac" and "secure" are probably gone.

    Requires Free Membership to View

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Mac vulnerabilities are starting to draw attention. With valuable data on corporate notebooks and with a lot more home Mac users shopping and banking online, they are likely to draw attention from Internet criminals.

They're already drawing attention from Internet security researchers, like Italian researcher Vincenzo Iozzo, who showed a Black Hat crowd Wednesday how to inject malicious code into Mac OS X memory. The method leaves no trace of the code, his presence or any sign the attack occurred, frustrating forensics investigators.

Black Hat DC Briefings:
Intel Trusted Execution Technology is flawed, Black Hat researchers show: Security researchers Joanna Rutkowska and colleague Rafal Wojtczuk have discovered new Intel bugs that would allow attackers to bypass Intel Trusted Execution Technology.

SSLstrip hacking tool bypasses SSL to trick users, steal passwords Moxie Marlinspike explains how his hacking technique fools Web users into thinking they are on an SSL-protected site, leaving them feeling quite safe, but pwned all the same.

"The OS kernel doesn't know about it," he said. "If we list processes on the victim's computer, you won't see our infected binary. And, this means we can write payloads in a high-level language."

The technique subverts the Mach-O file format, which is used to store OS X binaries on disk. The attack binary changes the protection flags on Mach-O's PAGE_ZERO segment, which is used to store malicious code. Iozzo, a student at the Politecnico di Milano University, said the attack can also overcome the address pace layout randomization for libraries introduced with Leopard. ASLR is designed to defeat attacks like his by randomizing memory locations of executables.

The attack depends on a reliable exploit of an unpatched OS X vulnerability so the malicious binary can be injected.

There are already similar techniques for Windows and most Linux versions.

Iozzo and researcher Charles Miller plan to demonstrate the technique against the Apple iPhone at Black Hat Europe in April.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: