News Stay informed about the latest enterprise technology news and product updates.

New hacking method stealthily attacks Macs with malware

Italian researcher Vincenzo Iozzo demonstrates how to inject malicious code directly into Mac OS X memory, leaving no trace for forensics investigation.

ARLINGTON, Va. -- The good news, those Macs, especially the notebooks in the C-Suite, are getting very popular. The bad news is the days when it was redundant to say "Mac" and "secure" are probably gone.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Mac vulnerabilities are starting to draw attention. With valuable data on corporate notebooks and with a lot more home Mac users shopping and banking online, they are likely to draw attention from Internet criminals.

They're already drawing attention from Internet security researchers, like Italian researcher Vincenzo Iozzo, who showed a Black Hat crowd Wednesday how to inject malicious code into Mac OS X memory. The method leaves no trace of the code, his presence or any sign the attack occurred, frustrating forensics investigators.

Black Hat DC Briefings:
Intel Trusted Execution Technology is flawed, Black Hat researchers show: Security researchers Joanna Rutkowska and colleague Rafal Wojtczuk have discovered new Intel bugs that would allow attackers to bypass Intel Trusted Execution Technology.

SSLstrip hacking tool bypasses SSL to trick users, steal passwords Moxie Marlinspike explains how his hacking technique fools Web users into thinking they are on an SSL-protected site, leaving them feeling quite safe, but pwned all the same.

"The OS kernel doesn't know about it," he said. "If we list processes on the victim's computer, you won't see our infected binary. And, this means we can write payloads in a high-level language."

The technique subverts the Mach-O file format, which is used to store OS X binaries on disk. The attack binary changes the protection flags on Mach-O's PAGE_ZERO segment, which is used to store malicious code. Iozzo, a student at the Politecnico di Milano University, said the attack can also overcome the address pace layout randomization for libraries introduced with Leopard. ASLR is designed to defeat attacks like his by randomizing memory locations of executables.

The attack depends on a reliable exploit of an unpatched OS X vulnerability so the malicious binary can be injected.

There are already similar techniques for Windows and most Linux versions.

Iozzo and researcher Charles Miller plan to demonstrate the technique against the Apple iPhone at Black Hat Europe in April.

Dig Deeper on Hacker tools and techniques: Underground hacking sites

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.