Hack a Mac - Update

April 20th, 2007 Drazen Drazic Posted in MAC Security

http://www.securityfocus.com/news/11460

No more to add at the moment…… stay tuned. The SA guys are intrigued (in a good way!) that I am using a MAC now and are happy to leave mine alone.

They’ll get to it…….it does though still look like shooting fish in a barrel but who knows?

2 Responses to “Hack a Mac - Update”

  1. 6 words for you to whack in to Google.

    “osx remote code execution default configuration”

    This must also be read as without user interaction of any sort.

    Things like the below link prove deceiving when you read the advisories.
    http://secunia.com/product/96/?task=statistics

    “The code will run with the privileges of the target user”

    http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=osx

    So we all wait for an apple worm, but may be waiting a while for anything serious due to the security architecture inherent in the actual use and abuse of the OS.

    When CVSS give an OSX vul a high score I will perk up and notice, http://www.first.org/cvss/cvss-guide.html

    MACH has some serious issues though when calls are made explicitly to it.

    I have a lot of faith in these guys though http://www.matasano.com/log/mtso/chargen
    “Our team has standardized on the Mac. We do Apple security research.”

    Anyway enough of my posting on your blog for a bit, away for some time so keep up the good work!

    D.

  2. No guarantees that zero days are not out there being traded and found… and one conference does not represent all of hackerdom, but:

    “No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail.”

    Doesn't really count in my book ;)

    D.
