Researcher Set to Announce 20 Zero-Day Holes in Mac OS X

Discussion in ' News Discussion' started by MacRumors, Mar 19, 2010.

  1. MacRumors macrumors bot


    Apr 12, 2001


    The H Security reports (via The Inquirer) that noted cybersecurity researcher Charlie Miller is set to announce the discovery of twenty new zero-day holes in Mac OS X that could offer hackers means of entry to compromise computers running the operating system. As zero-day holes, Apple is currently not aware of their existence, and thus has not yet had the opportunity to address them.

    Using the controversial "security through obscurity" argument, Miller claims that Mac OS X users have typically been relatively free of malware threats due to a lack of hacker interest in the relatively small user base, not necessarily due to Mac OS X being more secure than other operating systems.
    Miller is set to reveal his methods of finding the vulnerabilities, which include "fuzzing" systems by bombarding them with an overwhelming quantity of corrupted data, at the prominent CanSecWest conference next week in Vancouver. He is not, however, planning to disclose details of the security holes.

    Article Link: Researcher Set to Announce 20 Zero-Day Holes in Mac OS X
  2. Eidorian macrumors Penryn


    Mar 23, 2005
    I remember seeing this in my RSS feeds this morning. Time for more security updates.
  3. marksman macrumors 603


    Jun 4, 2007
    I will agree that Windows is like living in the bad part of town.

    If only everyone were as noble as these people.
  4. Ca$hflow macrumors 6502


    Jan 7, 2010
    London, ON
    I hope not. My primary reason in switching with a mac was no viruses and easy to use interface.
  5. strike1555 macrumors 6502

    Jun 29, 2009
    I'd lvoe to see an Apple apologist answer this.

    Fact is, nobody gives a $%^& about a mac.
  6. flopticalcube macrumors G4


    Sep 7, 2006
    In the velcro closure of America's Hat
    Long may that continue.
  7. uaecasher macrumors 65816


    Jan 29, 2009
    Stillwater, OK
    don't really care why I'm safe, important thing that I'm safe :) and 20 holes is really small compared to millions of viruses.
  8. notjustjay macrumors 603


    Sep 19, 2003
    Canada, eh?
    I dunno. Every time someone even says the word "virus" all the Mac fans jump out and say things like "Not for us! There are no viruses for the Mac!" (Myself included.) For the last 10 years, it's been the same smug, condescending battle cry. "No viruses! Not here! Not us!"

    You don't think that the first guy to create an actual, self-replicating virus on OS X, the first guy to prove them all wrong, the first guy to stick it in everyone's face, wouldn't become as famous as Steve Jobs and Linus Torvalds themselves?

    You don't think that somewhere out there is a hacker who wants to make a name for himself?

    That's why I don't buy "security by obscurity".
  9. jrath1 macrumors member

    Jun 16, 2005
  10. nkezhaya macrumors newbie

    Jan 6, 2010
    Hopefully the 0-days will get released after they're patched!

    Maybe before the MBPs get updated.

    (I'm just kidding. Pigs will fly before the MBPs get updated.)
  11. Earendil macrumors 68000


    Oct 27, 2003
    Answer what? There isn't a question.

    I've never been under the illusion that OS X was perfect. Nor have I thought that the smaller market share or higher computer literacy among those that use OSX was a deterrent for hackers trying to make a buck.

    However, The existence of those bonuses to OS X security does not mean that OS X is not build atop a more secure foundation.

    Besides, as a consumer it's an easy choice: Windows has holes that are exploited on a monthly basis. OS X has no known Viruses or Worms in the wild. For all intents and purposes, it is currently in a state of perfection. When someone managed to bring hollywood to its knees, or 25% of college students across the US lose their senior projects, then we'll have a problem. But no one has managed that yet.
  12. jaw04005 macrumors 601


    Aug 19, 2003
    I wonder what access to physical hardware and social engineering his security holes will need? In the past, many of these exploits required quite a bit of user intervention including the administrator password.

    For example,

    "No one was able to execute code on any of the systems on Wednesday, the first day of the contest, when hacks were limited to over-the-network techniques on the operating systems themselves. But on the second day, the rules changed to allow attacks delivered by tricking someone to visit a maliciously crafted Web site, or open an e-mail. Hackers were also allowed to target "default installed client-side applications," such as browsers.

    The team had attack code already set up on a Web site, and was able to gain access to the MacBook Air and retrieve a file after judges were "tricked" into visiting the site. According to the TippingPoint DVLabs blog, a newly discovered vulnerability in Safari was used to gain control of the Air.

    Last year's contest was won by exploiting a QuickTime vulnerability, which was patched by Apple in less than two weeks.”

    By the way, before anyone gets too crazy bashing this guy — I believe the rules of the conference dictate that he sign a NDA and that all exploits will be reported to Apple.
  13. sbrhwkp3 macrumors 6502a


    Jul 17, 2005
    Lake George, NY
    You won't run into problems with viruses. I wouldn't worry about it.
  14. calvy macrumors 65816

    Sep 17, 2007
    every piece of software has holes in it. Mac is no exception. I hear even Linux sometimes has security holes. gasp.
  15. err404 macrumors 68020

    Mar 4, 2007
    20 security issues really isn't that bad. Every OS X security update fixes at least that many. I'm curious if Charlie Miller has submitted these to Apple, or is he sitting on them for his own publicity?
  16. Disc Golfer macrumors 6502a

    Dec 17, 2009
    Fair enough, but head-in-sand was never an effective defensive strategy. Once I knew a girl who grew up in a farmhouse in the country, her family never locked their cars and kept the keys in the visor in case anyone needed to move a car out of the way when taking the boat out or something. When she moved to the city for a job her car was always getting stolen because it simply never occurred to her to lock the doors or not leave the keys in the glovebox.
  17. millertime021 macrumors 6502a


    Jan 28, 2010
    Mac having no viruses? Really??? Of course Mac's can get viruses... Every computer/OS can.

    Mac's just have less, due to the "less interest".
  18. waloshin macrumors 68040

    Oct 9, 2008
    Yes, but Linux has a larger team then Apple and Linux os get patched sooner.
  19. Ca$hflow macrumors 6502


    Jan 7, 2010
    London, ON
    I suppose viruses and security holes are two separate things. Trojans a third? How many more bad things are there?
  20. 6-0 Prolene macrumors 6502

    Feb 11, 2010
    I'm sure his silence to the press will be rewarded nicely by Apple, maybe even with a consulting job.
  21. ghostface147 macrumors 68030


    May 28, 2008
    Good. Expose OS X for what it is, swiss cheese. This is one area where Apple needs to take the M$ standpoint and be upfront about security updates and when they will be patched. Their arrogance hinders them in the security field.
  22. nefan65 macrumors 65816


    Apr 15, 2009
    All systems, and OS' have vulnerabilities. They'll never be 100% It's really a matter of who has the least, or is least vulnerable. So as long as there's Windows and MS, then they'll have the lion's share.

    I used Windows systems for years, and never had a virus or security issue. My reason for leaving was the instability of the OS itself, and poorly written programs. Had nothing to do with viruses or 0 day security holes.

    Some people are just prone to these things. It's like telling a kid to not touch the wet paint...5 minutes later they're standing in front of you, with a finger covered in wet paint...:)
  23. interconnect macrumors regular


    Nov 15, 2007
    i think it's important to note that a lot of "hackers" use macs themselves. i used to know a lot of people that were insanely good with computers and were definitely capable of hacking... every single one of them used a mac as their primary machine.
  24. dejo Moderator


    Staff Member

    Sep 2, 2004
    The Centennial State
    Name one.
  25. Earendil macrumors 68000


    Oct 27, 2003
    Well, there are two reasons to make a virus like that. Fame, and money.

    Certainly the majority of viruses and worms are out there to make the owner some money. So you could claim that Apple's smaller and smarter market is not worth the trouble. HOWEVER, There is certainly fame to be had to write a virus that nails ever Apple computer to a cross, and guess who the smarter crackers generally are, the money makers or the "for the fun and fame"?

    The really brilliant ones do it as a hobby. That there isn't even ONE Virus out there says a lot.

Share This Page