Linked by Thom Holwerda on Tue 3rd Oct 2006 08:32 UTC, submitted by Jon Mchitel
Privacy, Security, Encryption

Computer code that exploits a flaw in Apple's Mac OS X was released over the weekend. The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then. "It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. Obviously anything but spectacular (since it's fixed), but it does raise the age-old question: will the growing popularity of both Linux and OS X lead to more of these exploits, possibly one that does get released 'in time'?
Permalink for comment 167818
Understanding timing..
by looncraz on Tue 3rd Oct 2006 17:32 UTC

To understand the timing of this, you could probably assume a few things about the creator of the exploit.

Firstly, either the individual has money problems, or just not much extra to spare on minor things, such as purchasing MacOS X updates.

So, we could assume that the MacOS X version on the perp's machine was out of date, and probably still is.

Not only that, this should help explain why viruses (p. virii? - what I was taught in school, but wrong it seems... stupid American school system) are often behind the curve in "rapid-fire-patched" systems, such as Mac OS X, Linux, (and soon) Haiku.

This is not a bad thing, just the way the world works. Just like in the Windows XP world, where you could be running anything from Windows 2.1 Interface Manager to Windows Vista RC1+, and EVERYTHING in between.

There are likely viruses written to exploit flaws that may have only been present for fifteen minutes, on one system, because of an odd software combination (I have fought with these types myself on systems configured close enough to allow *harmful* infection).

Of course, most would just try and use Windows kernel calls... so, if Vista truly secures the kernel, that could make Windows finally usable and tolerable again.. if you ignore whatever you may hate about it (I hate nearly everything, usability-wise, about it).

All of the above seems to be a good reason to stay up-to-date. Well, depends on what you're running. Keeping Windows up to date has been, historically, a pain in the arse. Not because the updates were hard to find, hard to install, or anything like that. No, it is the fact that at least 1/3rd of every Critical Patch released by Microsoft for XP was incompatible, in some form, with well.. XP! Meaning, to get one patch, one normally had to get many many many more, first. That, in and of itself, is only a minor annoyance thanks to the relative ease of use of the updating service.

The problem is, as usual, the registry. Nearly 1/3rd of the time, when I actually would use Windows for something, when I decided to go ahead and patch it up some.. maybe to get USB2 working, whatever.. I had to reformat and start over after one of the fifteen or twenty or thirty or forty patches was installed, one after another, with no stability or compatibility checking during the process.. no logical checks at all it seemed... just copy this into file X at offset 0x33ff blah blah...

This is not true on all machines. I have a couple of customers running Windows XP Pro, from day one, who have automatically had EVERY patch applied... at release time, pretty much. In this case, which is rare, the XP systems both went down at the same time, on the same day, in the same hour... I got the calls.

Problem? Virus? Spyware? Nope, none of that on either.. just some bad update was installed. Removed, fine and dandy, Windows XP re-installed the patch about 5 seconds after reboot on one (and crashed instantly), and I disabled automatic updates in Safe Mode on the other (learned my lesson from the first, which I fixed also, of course).

So now, why do virus writers write viruses? Personal reasons in some cases, just for 'fun' in others, to push the envelope, to act out against society, to lash out at a particular software product, whatever the case may be. Popularity has only as much to do with it as there are people who understand how to use what they are using to such an extreme.

Slow adaptation to a new platform is common. We have all pretty much gone through the rigours of learning and adapting to a new software platform, even if just between one version of Windows and the next; you know the learning curve.. even just for USING it. The learning curve for creating malware is always higher.

If you are a developer, then you can just imagine that if you make your API full of holes and gaps, you will lose one part of the virus making audience. If you are not #1, you lose another part. If you are not Windows, or don't act anything like Windows internally, you lose a large chunk of the virus-making potential.

If you run out and scream: I'M BULLETPROOF!!! Someone may just shoot you... to prove you right! (i.e. Firefox's understandable ignorance - not idiocy).

If you run around and say, nothing on my system makes me secure, I just have no Windows compatibility, no Linux compatibility.. whatever, I'm safe enough... then you need to think about one very important item that is a security hole that IS exploitable... and exploited, on EVERY OS that supports it (which is very, very, many)... The TCP/IP stack, ftp/http servers (any of them, really), ANY system-critical application or server that can be killed, frozen, whatever.

Using BeOS, I can see that my possible points of vulnerability are enormous. The only thing I cannot kill on my system is the core thread of the kernel. And only just that one thread!!! But only one virus has ever been known for BeOS. Why? We haven't attracted the virus-making audience yet by being placed in a position to be hacked.

Virus writers are usually not worried about the home machines, except to breed user contempt for the OS. No, normally, a virus is targeted to some specific internet-centric feature.. such as IIS, Apache (or other server products), Eudora or Outlook, Internet Explorer, Firefox, Norton (worst thing to have on your system, IMHO, if you don't want viruses)...

Windows screwed up in XP and left the Messenger service running (a service which is DESIGNED to allow network (a.k.a. internet)-borne infections..errr..messages... to be placed on your Windows box.. with no exploits needed!!!).

XP also has the Remote Procedure Call service (and others), which can safely be killed and restarted a thousand times a session without harming the system, set up to lock you out of your machine, with no cancel button, until it restarts.. but at least it gives you a countdown....

Don't run the services and most-targeted software, even on Windows, and you are not likely to be targeted by a virus writer intentionally. Meaning, don't use popular software... even if it just happens to be popular because of how secure it is. Bull, everything is flawed! It just depends on the user knowing what to avoid to prevent infection.. and on many systems the only way not to get infected (because they use all the biggest software products available (Dell is BAD with this, as is HP, et al.)) is to unplug from the internet, never place a CD-ROM or disk in any drive without scanning it with a non-Windows (read: non-major) software package first, etc... It can become a real pain if you 100% cannot afford to have a single infection.

Regardless of OS.

--The loon

Reply Score: 0