Do Viruses Exist On Mac?

[snowmoon]

Anyway this is what concerned me enough to post, I don't know enough about Macs to know if this is a genuine threat or not. They say this can get root access with no password prompt.

http://www.h-online.com/security/Root-exploit-for-Mac-OS-X--/news/113075

Please ease my fears guys
-Mus

It's a real threat and I'm sure once advised, Apple will patch the bug; that said there is no known threat "in the wild" based on this possible exploit. Just like everything else naysayers have brought up, this is a theoretical problem, but one that has yet to actually turn into a viable threat against the platform.

Maybe someday things like this will turn into real malware, but for now I wouldn't worry yourself.

 

[Jethryn Freyman]

It's a real threat and I'm sure once advised, Apple will patch the bug; that said there is no known threat "in the wild" based on this possible exploit. Just like everything else naysayers have brought up, this is a theoretical problem, but one that has yet to actually turn into a viable threat against the platform.

Maybe someday things like this will turn into real malware, but for now I wouldn't worry yourself.

Apple need to patch that.

In the meantime, don't open disk images from untrusted sources, and turn off Safari's automatic open function, if you use Safari.

 

[PeterQC]

http://www.h-online.com/security/Root-exploit-for-Mac-OS-X--/news/113075

Please ease my fears guys
-Mus

Like others have pointed the easy solution is to not open suspicious DMG files, which if you don't download software from already suspicious sources (aka: Torrent, LimeWire, etc.) should not be a problem. And even through you do it anyway, there's no known malware for now that use this to infect the computer. And EVEN if it did, an antivirus would be probably useless.

Oh, and this problems might well be fixed with 10.5.7 and/or Snow Leopard, so I would bet it's only a matter of time to be fixed.

 

[Phil A.]

Like others have pointed the easy solution is to not open suspicious DMG files, which if you don't download software from already suspicious sources (aka: Torrent, LimeWire, etc.) should not be a problem. And even through you do it anyway, there's no known malware for now that use this to infect the computer. And EVEN if it did, an antivirus would be probably useless.

Oh, and this problems might well be fixed with 10.5.7 and/or Snow Leopard, so I would bet it's only a matter of time to be fixed.

Actually, this is potentially a huge problem, and unfortunately makes OS X as exploitable as Windows: I said a while ago on another thread that a possible attack vector within OS X was exploitation of applications / services with the SUID bit set (i.e. the application runs as root).

This exploit does exactly that and the end result is that it can run anything it likes as root, which means it can install malware, trojans, worms, etc without the user being prompted for anything.

The big issue is that Safari out of the box will automatically open .dmg files after downloading, which opens up the very real possibility of drive by downloads.

Imagine this scenario: A windows user has seen Apple's adverts and goes and buys a Mac because they think they will be more secure. They happily start browsing the internet, safe in the "knowledge" that there are "no viruses" for OS X. They stumble across a website hosting a .dmg file containing the exploit (which could be on a legitimate site that has been hacked). Safari downloads the file, opens the .dmg and they are owned with no warning, and no chance to prevent it.

In what way is this different to the way Windows is exploited?

 

[Jethryn Freyman]

In what way is this different to the way Windows is exploited?

This kind of security bug is exactly the same kind of thing.

It's a shame Apple is so slow at patching vulnerabilities.

And I'm guessing your question was rhetorical

 

[Phil A.]

And I'm guessing your question was rhetorical

It was indeed

With a viable attack vector and a proven Trojan already written, the age of innocence for OS X users is coming to an end...

 

[snowmoon]

This is not the first, nor the last root exploit for OSX. None has panned out into active malware for the platform. The sky is not falling, the wolf hunt can be called off.

As for the other presumptions.

SUID root applications in the system have been through the ringer. 3rd party applications require your administrative password in order to get SUID ( either directly or through the installer ). Mounted .dmg files volumes have a number of restrictions including nodev, nosuid, read-only, noowners, and quarantine to prevent the obvious front door that auto-exec on windows allows. Apple has even suffered from SUID exploits ( ARDAgent for one ) in the past with only limited repercussions.

How many applications on Leopard are suid? Not many because of the obvious security implications. Looking at my own system here are the applications that have suid bits ( out of the 117 in my /Applications directory ) so I would say 3rd party suid helpers are, thankfully, rare.

Carbon Copy Cloner
Adobe CS3
MacFuse
GoogleUpdater

When Apple finally opens the sandboxing protocol I would expect these vendors to install these SUID applications in a sandbox. This would further limit the harm that a binary exploit would cause. I would also expect to see greater snadbox use by Apple themselves with each new major OS release.

Apple has dozens of suid/sgid applications, most of them are the BSD tools which have a long history and have been "battle hardened" over the decades of their use. I really doubt that the BSD layer will be the one exploited under OSX.