Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017
- Thread starter MacRumors
- Start date
- Sort by reaction score
I was always under the impression Mac has enjoyed many years of very little exposure in terms of exploits or viruses mainly because hackers focused on the big fish like Microsoft. Microsoft's OS is used for business all over the world. As MacOS gains in popularity so will the number of hacks, viruses, and malware. Just a matter of time.
And while I'm purely speculating, the size of the Microsoft target is such that, perhaps, the prize money offered is insufficient - better to keep selling exploits on the black market. Leaving the public relations value aside ("Windows exploit? Ho hum!"), a target ten times the size justifies ten times the prize.
[doublepost=1489773007][/doublepost]
This is standard news reportage. Unless you can report, as a fact, that Apple sends someone to "EVERY ONE of these kinds of contests," you fall back upon what you know is true.
It's highly likely that Apple does dispatch staff to every one of these kinds of contests. In addition to uncovering exploits, they'd seem to be pretty good places for recruiting talent, keeping in touch with the movers and shakers, etc. But "highly likely" is not provable fact, and chances are, due to the nature of travel, even if Apple dispatched staff to every such event, it doesn't mean they always arrived.
Notice that the menu bar is neither Safari nor Calculator. Hence this is likely an "abritrary code execution" vulnerability. From the description, it's likely that they exploit Safari to run their own application which in turn has a custom touch bar display.
No, this I understand completely. You'll notice my response was to a user who cavalierly stated that he knows developers that could do this kind of thing like it's nothing. IF that were the case they're doing themselves a terrible injustice by not profiting (or if they're whitehats, disclosing) off their clearly superior exploit finding abilities.
Or the more likely scenario, that poster knows nothing of computer security or what is entailed in finding and utilizing exploits.
It's a bit frightening that Apple (and other developers) don't lock this stuff down from the start.
Surprising that issues ever really exist as they should be resolved before they even come into existence.
Any of what? If you're asking what my point is, it's simply that the increase in exploits we're seeing on Mac OS is concerning. Particularly that our touch bars can be "pwned" by hackers. Apple has vast resources, so this shouldn't be the case.
How is my point not obvious to you?
That much is obvious. What's also obvious is that all issues can't be foreseen and dealt with ahead of time since if they could then there wouldn't be any issues out there.
Of course, but don't you believe that we should hold companies like Apple to a higher standard when it comes to security? There will always be exploits that either can't be foreseen or can't be avoided (e.g., Heartbleed), but shouldn't companies like Apple, who in exchange for historically unprecedented profits have become custodians of our most personal and vital information, at least be held responsible for locking down what is reasonably foreseeable?
Has Apple been having a lot of security issues? More or beyond the level of the rest of the industry? Is there something that happened here or elsewhere that higher standards need to be applied to Apple than others? Higher standards such as imaginary perfection?
Having said all that, seems like the rest of the thread prior to its resurrection today, seems to address most of that fairly well already, so it doesn't really seem all that useful to go around in the same circles when it's all been already hashed out and is right there already.
Well, basically, yes. See, Malware Attacks on Macs Up 744% in 2016, Mostly Due to Adware
Yes, it's mostly due to Adware, but the article does state, "While most of the surge in Mac malware was adware, we've still heard about some alarming Mac-based attacks over the course of the last year, including ransomwaredistributed via trusted BitTorrent client Transmission, Backdoor.MAC.Eleanor, Xagent, which could steal passwords and iPhone backups, and more."
As I agreed previously, perfection is impossible, but locking down what's reasonably foreseeable is more than possible and should be expected.