ARLINGTON, Va. -- The good news, those Macs, especially the notebooks in the C-Suite, are getting very popular. The bad news is the days when it was redundant to say "Mac" and "secure" are probably gone.
Mac vulnerabilities are starting to draw attention. With valuable data on corporate notebooks and with a lot more home Mac users shopping and banking online, they are likely to draw attention from Internet criminals.
They're already drawing attention from Internet security researchers, like Italian researcher Vincenzo Iozzo, who showed a Black Hat crowd Wednesday how to inject malicious code into Mac OS X memory. The method leaves no trace of the code, his presence or any sign the attack occurred, frustrating forensics investigators.
"The OS kernel doesn't know about it," he said. "If we list processes on the victim's computer, you won't see our infected binary. And, this means we can write payloads in a high-level language."
The technique subverts the Mach-O file format, which is used to store OS X binaries on disk. The attack binary changes the protection flags on Mach-O's PAGE_ZERO segment, which is used to store malicious code. Iozzo, a student at the Politecnico di Milano University, said the attack can also overcome the address pace layout randomization for libraries introduced with Leopard. ASLR is designed to defeat attacks like his by randomizing memory locations of executables.
The attack depends on a reliable exploit of an unpatched OS X vulnerability so the malicious binary can be injected.
There are already similar techniques for Windows and most Linux versions.
Iozzo and researcher Charles Miller plan to demonstrate the technique against the Apple iPhone at Black Hat Europe in April.