'Month of Kernel Bugs' Ends, First Adware for Mac OS X?

[hulugu]

Couldn't that be just because Windows security (or lack thereof) has already been thoroughly examined by the industry at large and therefore wasn't as high a priority?

Right, they were looking for a particular set of problems, specifically kernel bugs, which OSX and Linux have their fair share. Interestingly enough some of the wireless bugs affected more than one OS.

These are vulnerabilities, which obviously need to be addressed, but just because they found more kernel bugs in OSX, Linux, and BSD, doesn't mean Windows is suddenly 'secure.'

 

[AppleIntelRock]

it's time for apple to really make osx more secure then windows.

 

[SMM]

Apple really really needs to get on this... As far as some Script Kiddie wanting to make a name for themself the mass of mac users would need to be higher. There are still currently not enough mac users to warrent such acts, you would not get notice. I feel that a lot of coders find holes in XP because then they can exploit big business, were as macs are more often than not home computers. If apple its athe big 10% mark this will all change.

How do you know they are not on it? You don't right? The source of these reports is the people who want to sell you their security software. They capitalize on our fear. The author notes he spent most of his time on Mac and Linux. Very little time was spent on Windows/Vista. Well, that makes sense if you are trying to sell software. Everyone already installs it on Windows. No sales opportunities there. So, go scare yourself a new market with the people who do not need it. It even works better if you can create some mistrust amongst the user base. Just plant the seeds of doubt the manufacturers are unwilling, or unable to protect them. You are their savior.

I do not have a Pollyanna view on this. I have no doubts that threats exist and an aggressive, on-going effort is crucial. But, the real solution is to fight this crime with the seriousness it deserves. That means mandatory prison sentences, equal liability for facilitation and for profiteering, etc.

 

[Snowy_River]

...that's just because it's a "feature" of the particular video technology (e.g. in Real Media or Windows Media streams you can embed code to open a browser window)...

And QuickTime, too. There are QT movies that will send you to a web page at the end of the film. It seems to me the trailer for Spiderman 2 did this.

 

[coolfactor]

I don't know but is the Adware related to this:

Sometimes when I download videos from LimeWire, and run then it will bring up a browser window and open a site. Essentially an ad. Do this supposed hole cause this?

Apple definitely needs to get more serious about security. As more people start to buy Macs, more people will start to tinker and find holes. I hope Apple will rise to the challenge.

I bet you're downloading .mov files. QuickTime .mov files have interactivity features that are being exploited by pornography websites to redirect you to their site.

I would strongly advise against dropping your Limewire habits and moving towards more legitimate sources for your content.

 

[840quadra]

... As far as some Script Kiddie wanting to make a name for themself the mass of mac users would need to be higher. There are still currently not enough mac users to warrent such acts, you would not get notice......

I hope you understand what exactly you are saying. Under 10% is still Millions of systems. Included in that small percentage are hundreds if not thousands of businesses, thousands of schools, and many home businesses. Like anything in life, there are people that like the easy stuff, the work that effects the most people, or the work that provides the most challenge.

Worldwide impact is likely motivation for some hackers, however it doesn't include all of them!

I would strongly advise against dropping your Limewire habits and moving towards more legitimate sources for your content.

I am 100% in agreement with this statement! Besides P2P shares like this are a hotbed for corrupt files, trojans (windows world(for now)), and it is being cracked down more and more every day.

 

[Snowy_River]

Okay, now I might end up being branded as an Apple apologist for this, but this thread is bugging me.

Really, people, lighten up! It's like the corner of the carpet is smoking a little bit and people start shouting about how the whole house is about to burn down.

Now, certainly, these issues should be looked at with all due diligence. But do you honestly think that Apple isn't? Do you honestly think that Apple has simple ignored security all this time? Certainly not. The fact that OS X is as secure as it is clearly shows that Apple has done a good job so far. Now, maybe we've crossed an invisible barrier on the scale of the visibility of the platform, and now a lot more people are trying to target OS X, so more vulnerabilities are being found. But, there really is a big difference between a vulnerability and an exploit in the wild. iAdware is the closest thing to a true exploit I've heard of to date, and we don't even know what kind of vector it uses to get itself installed.

So, really, lay off the heavy handed "Apple has to start paying attention to security" nonsense. The implication that Apple hasn't been paying attention to security is just irritating, to say the least.

 

[Snowy_River]

I hope you understand what exactly you are saying. Under 10% is still Millions of systems. Included in that small percentage are hundreds if not thousands of businesses, thousands of schools, and many home businesses. Like anything in life, there are people that like the easy stuff, the work that effects the most people, or the work that provides the most challenge.

Worldwide impact is likely motivation for some hackers, however it doesn't include all of them!

Yes. This is part of why the low market share argument always seemed a bit weak. One can argue that there is a threshold beyond which a platform starts getting more attention from malware writers, but to argue that OS X had a small enough market share such that NO malware writers were trying to write a virus, trojan, worm, adware or spyware has just never made sense.

 

[cloud 9]

An interesting read in response to the kernel panic ability of the .DMG vulnerability:



http://alastairs-place.net/2006/11/dmg-vulnerability/

A very insteresting read.. most of which I only barely grasp. Object oriented programming just makes my eyes glaze thinking about it.. The gist:

i don't understand why everyone is ignoring this guys' post. i'm not a computer engineer, so can someone with the right knowledge explain this a bit more? is it really adware or just a bug? 🙂

 

[miketcool]

Most of these Mac attacks seem to be more predominant with social engineering hacks and user error, than comprised code.

On a feTw occaszzzions I have noticed that MY CAT HAS A TENDENCY to hacsssk my laptop when I12212111113e'm trying to fill out threadwww replies on 432222222222222222 macrum2ors3. I'm thinking apple might still be AT FAULTQ ON THIS QONE.

 

[840quadra]

Okay, now I might end up being branded as an Apple apologist for this, but this thread is bugging me.

Really, people, lighten up! It's like the corner of the carpet is smoking a little bit and people start shouting about how the whole house is about to burn down.

Now, certainly, these issues should be looked at with all due diligence. But do you honestly think that Apple isn't? Do you honestly think that Apple has simple ignored security all this time? Certainly not. The fact that OS X is as secure as it is clearly shows that Apple has done a good job so far. Now, maybe we've crossed an invisible barrier on the scale of the visibility of the platform, and now a lot more people are trying to target OS X, so more vulnerabilities are being found. But, there really is a big difference between a vulnerability and an exploit in the wild. iAdware is the closest thing to a true exploit I've heard of to date, and we don't even know what kind of vector it uses to get itself installed.

So, really, lay off the heavy handed "Apple has to start paying attention to security" nonsense. The implication that Apple hasn't been paying attention to security is just irritating, to say the least.

Good points,

I agree with some of your points. Apple has done a good job historically, and currently with regards to security. I am not worried that my system is going to be taken over, or hacked the moment I go onto the internet, or sign into a public WIFI.

I do not agree that lower our demands for Apple with regards to security expectations. Now is Apple's chance to prevent getting an image that their competition has, with regards to holes in security. Apple themselves have advertised that Spyware, viruses, etc, are not part of the OS X experience. In my opinion, that may be received as a challenge, or incentive for someone to make that argument a fallacy.

 

[backsidetailsli]

still better than windoze

 

[spicyapple]

On a feTw occaszzzions I have noticed that MY CAT HAS A TENDENCY to hacsssk my laptop when I12212111113e'm trying to fill out threadwww replies on 432222222222222222 macrum2ors3. I'm thinking apple might still be AT FAULTQ ON THIS QONE.

LOL! Bad kitty! 🙂

Welp, there is a trojan script you can run that'll wipe out your entire home directory, if you're not careful.

luv ya bunches! xoxoxo

 

[AppliedVisual]

On a feTw occaszzzions I have noticed that MY CAT HAS A TENDENCY to hacsssk my laptop when I12212111113e'm trying to fill out threadwww replies on 432222222222222222 macrum2ors3. I'm thinking apple might still be AT FAULTQ ON THIS QONE.

My cat is 1 l33t h4x0r too. Although, he's more of a problem at my desktop and he ALWAYS comes around when I'm gaming online and usually at a critical moment. ...He just knows.

I think I'm filing a patent for a USB-powered cat-zapper notebook/display peripheral tomorrow. 😀

 

[shawnce]

i don't understand why everyone is ignoring this guys' post. i'm not a computer engineer, so can someone with the right knowledge explain this a bit more? is it really adware or just a bug? 🙂

This is the summary from that page...

So, what have we learned:

• It is not a memory overwrite bug.
• It is not exploitable, except in that you can kernel panic a machine if you can persuade a user to double-click a damaged dmg file.
• It is not, therefore, possible to use this bug for privilege elevation or to execute arbitrary code in the kernel.

I looked over his code analysis and I agree with his conclusion about it not being possible to corrupt memory (hence not possible to inject code). So it is at worst a denial of service type attack.

 

[tny]

No, that is not Adware. Adware is a program that is installed *on your computer*, so it can launch windows whenever it wants.

I think he's saying that LimeWire is opening the popups when no browser window is open. That's not "adware" in the sense in which we're talking about, which is a hidden background program that opens browser windows randomly no matter what application you're running.

 

[wtfk]

Exploits?

I'm still waiting to hear that someone--anyone--has actually been exploited by one of these "exploits."

 

[Snowy_River]

...
I do not agree that lower our demands for Apple with regards to security expectations. Now is Apple's chance to prevent getting an image that their competition has, with regards to holes in security. Apple themselves have advertised that Spyware, viruses, etc, are not part of the OS X experience. In my opinion, that may be received as a challenge, or incentive for someone to make that argument a fallacy.

Perhaps you missed me saying "Now, certainly, these issues should be looked at with all due diligence"? Again, I agree that Apple needs to keep on top of these vulnerabilities. With a little luck, we'll see a new security update within the next week or two that will patch most, if not all, of these. My objection was not to wanting Apple to fix these vulnerabilities. My objection was to the tone that suggested that if we didn't mount a public outcry, Apple would ignore these altogether, and by January 1st there'd be as many viruses on OS X as on Windows. It's the alarmist nature of so many of the posts here that I found objectionable. Give Apple the credit it's due, and trust that they are working on patching all of these vulnerabilities right now. How hard it is to patch them will determine how long we'll have to wait for the security updates.

I'm still waiting to hear that someone--anyone--has actually been exploited by one of these "exploits."

Yes, actually they're vulnerabilities, not exploits. There's a big difference. Determining a way to utilize a vulnerability as an exploit is no small challenge. And I'm with you. While I'm eager to see Apple plug these holes, I'm not worrying about the boat sinking until I see some water start to come in... 😉

 

[XnavxeMiyyep]

F-Secure sells security software for getting rid of adware.
F-Secure claims to have found adware for Mac without providing evidence.

COINCIDENCE!?

I think not!

 

[kalisphoenix]

I know I'm going to get labeled as a mac zealot and linux apologist for asking this, but isn't it weird how the project spent ALMOST ALL OF ITS TIME looking for ways to crucify OS X/Linux, but they avoided MS like the plague, as if they were afraid to make them look bad?

"I didn't have much time left for working on Microsoft Windows but I've received the most helpful feedback from the MSRC"

Riiiight. 😛

I wish ten times as many people were working on finding bugs in OS X. Or a hundred.

 

[JoeG4]

I wish they'd spend that time being productive writing new and cool things instead of worrying about what may possibly happen.

Security should be something that's handled at the low level, not something we have to sit here BSing about all day long and installing programs for. That's the part that bugs me about these stupid &W%@#%*( companies and MS' "anti crapware" program. THE PROBLEMS SHOULD NOT EXIST IN THE FIRST PLACE. Boy, that's what patches are for.

Looking for em is fine, but when people stop making stuff and worry more about designing security crap - **** we'll all be driving aronud armored cars.

 

[theheyes]

After the Month of Kernel Bugs, are you concerned about Mac OS X security?

No - 62%


See, that bugs me. Everyone should be concerned about security. I believe OS X's overriding security feature is obscurity, and once that situation changes I can see the OS falling over very quickly.

One of the weakest links in the chain is the user, and if the user is not concerned then you have a problem.

Dont get me wrong, I think OS X is great, but it just hasn't been "weathered" in the wild like Windows has. If OS X becomes a viable target then we're in for a bumpy ride.

 

[toniv]

Old news

Hi, you all!

This iAdware thing is old news and has been already fixed in latest security update by Apple.

Greetings from Finland,
Toni

Installer

CVE-ID: CVE-2006-4404

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8

Impact: When installing software as an Admin user, system privileges may be used without explicit authorization

Description: Admin users are normally required to authenticate before executing commands with system privileges. However, the Installer allows system privileges to be used by Admin users when installing certain packages without requiring authentication. This update addresses the issue by requiring authentication before installing software with system privileges.

 

[hulugu]

After the Month of Kernel Bugs, are you concerned about Mac OS X security?

No - 62%


See, that bugs me. Everyone should be concerned about security. I believe OS X's overriding security feature is obscurity, and once that situation changes I can see the OS falling over very quickly.

One of the weakest links in the chain is the user, and if the user is not concerned then you have a problem.

Dont get me wrong, I think OS X is great, but it just hasn't been "weathered" in the wild like Windows has. If OS X becomes a viable target then we're in for a bumpy ride.

OSX is based on FreeBSD, which has been around for an eternity and includes modules from even older Unixy stuff. There's paying attention, there's worrying, and then there's running around with your hair on fire digging for a bomb shelter with your bare hands. We're at the pay attention stage.
MOKB showed that the kernel can be a source of bugs and that OS design should incorporate this problem into the design. This doesn't mean panic or worry or take a pair of scissors to your broad-band connection, this means Apple has some things to fix. It also showed that wireless is inherently insecure and the problems with drivers can affect Windows, Mac OSX and Linux.
Again, MOKB isn't all that important, it's Apple's response to problems that really matters.

 

[hulugu]

Hi, you all!

This iAdware thing is old news and has been already fixed in latest security update by Apple.

Greetings from Finland,
Toni
...

The iAdware is just one of the vulns discovered this month, the Month of Kernal Bugs found several problems in the kernel space of OSX. A few of these have been fixed, but others remain, Apple however responded quite quickly to the iAdware problem.