
Habakuk

http://www.heise-online.co.uk/security/A-Mac-OS-X-attack-that-leaves-no-trace--/news/112481

Vincenzo Iozzo, an Italian security researcher, says he's discovered a new way to inject executable code directly into the memory of a Mac OS X machine without leaving any trace behind. That would make detection of an attack considerably more difficult.

Attackers normally leave files on the hard disk, such as their own code, and virus scanners can spot these, but Iozzo's technique could be used to run a binary file entirely in the memory area of the program under attack, so that no change is made to the hard disk. It could also be exploited on an iPhone, which after all runs a modified version of Mac OS X.

Iozzo intends to present his discovery at the Black Hat security conference in February, and then publish a sample program written in C for Mac OS X 10.5.
 
Hopefully he's presented his findings to Apple 1st though so they can mitigate this threat.
 
Wouldn't this cease to be viable the second after one rebooted their machine? If not, it must be one hell of an attack, somehow getting around the volatility of RAM.
 
Holy crap -- you mean he's found a way to run code in RAM only?!? Wow! That's... uh... pretty normal actually. In fact, that's what most exploits for most platforms do. Pretty much any buffer overrun can be used to do the exact same thing as this "revolutionary", "new" technique.

This reeks of the sort of sensationalism and half-assed reporting that we've seen in recent years. Kinda like whenever Intego notices a dip in their sales and decides to write a puff piece on the latest trojan, this article is just junk meant to scare you and make you take notice of a person/company with an axe to grind. Ignore it, and stop doing their PR for them.
 