Saturday, June 21, 2008

Surprise! Apple applications can get exploited too.

For years I had to listen to fanboys and cultists talk about how secure Apple's operating system was and it couldn't get rooted like a Windows system (or *nix). I wonder if they have any idea that they were completely full of shit.

No one and no thing is perfect. The more complex a system is, the more bugs (errors) that are introduced. As Mac OSX became more popular, more people began to test it for holes. They're being found. Fanboys need to figure out that while OSX may be more secure than Windows, it's kind of like being a taller midget.

Labels: , , , , , , , ,

10 Comments:

At Sat Jun 21, 01:11:00 PM EDT, Blogger Unknown said...

Ahh, "fanboys" and "cultists". And people wonder why Mac users are annoyed by Windows users. You sound like a spoiled 12 year old. There is far more fanboyism and FUD put out by the Windows community than will ever exist in the Mac world.

I know of nobody who has seriously claimed that OSX can't "get rooted like a Windows system (or *nix)." First of all, OS X is a *nix (it is a certified UNIX variant). Second, while not impossible to break into (obviously), it is significantly more difficult than with a standard Windows installation.

I really love how you seem to relish the fact that a hole has been found. It speaks volumes about you.

 
At Sat Jun 21, 01:32:00 PM EDT, Blogger Unknown said...

What exploit?

Several ways to solve the problem have now been suggested. The exploit doesn't work if the "Remote Management" option is enabled under Mac OS X 10.5 "System Settings/Sharing/" – but this is not the default setting. Neither does it work if the Apple Remote Desktop client has been installed and enabled under Mac OS X 10.4. Other suggestions are to completely remove the Apple Remote Desktop, to compress the file, or to delete the SUID bit in ARDAgent chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent.

http://www.heise-online.co.uk/news/Root-exploit-for-Mac-OS-X--/110968

 
At Sat Jun 21, 03:26:00 PM EDT, Blogger Neil Anderson said...

OH MAN! MY MAC HAS A VIRUS! IT ONLY TYPES ALL CAPS ... OH WAIT, my caps lock key was on. Oops. Sorry.

 
At Sat Jun 21, 05:17:00 PM EDT, Blogger Unknown said...

The only ones surprised are the "fanboys" (both Mac and PC), because everyone else knows that Apple exploits are found about four times per year, and they always get patched before anyone has time to figure out HOW to exploit it without either physical access to the machine, or making the user jump through a bunch of hoops.

I'm surprised the fanboys don't keep an archive of these things.

None of these exploits will be interesting until the first self-replicating worm/virus shows up. Until "lazy" Mac users can get infected, the fanboys and the haters will argue semantics and no one else will care.

 
At Sat Jun 21, 09:28:00 PM EDT, Blogger Susan & david said...

...further, you actually have to install the trojan to get it to work. This requires a user to specifically type their username and admin password in order to trigger it. This doesn't count as an "in the wild" exploit. This counts as very stupid users. They exist in the MAC world as well as the WINDOWS world. Just FYI, my WINDOWS XP runs within Fusion on my MAC. I never leave it on for more time than I need. That sucker'll install all manner of garbage without my help.
DM

 
At Sun Jun 22, 12:48:00 AM EDT, Blogger Lachlan said...

PK,

You linked to an article which explains it succinctly:

"The ARDAgent – Apple Remote Desktop – part of Remote Management has the SUID bit set. ARDAgent is able to run AppleScript with root rights and these, in turn, may contain shell commands – all without requiring a password."

The default settings allow this to happen. That's a bug. That's a REALLY BAD bug. How can you say, "What exploit?"

 
At Sun Jun 22, 01:16:00 AM EDT, Blogger Unknown said...

@Lachlan

It still requires a user to go download a special applescript to make it function.

It's simply not something that can be done remotely.

-

 
At Sun Jun 22, 01:34:00 AM EDT, Blogger Lachlan said...

Pk,

"It's simply not something that can be done remotely."

That's irrelevent. The only time I use OSX is as a non-root user; with this priviledge escalation, I could control the box. That's exploitable. Socially engineering a user to run a command as non-root that uses the priviledge escalation is trivial.

 
At Sun Jun 22, 12:29:00 PM EDT, Blogger Unknown said...

Lachlan,

Yes what exploit, you have to exploit yourself before it works. it doesn't install it self into your computer and take control of it.

If you exploit yourself that's too bad.Yea, not self propagating too like some others

But then I don't expect much from people who exploit themselves by downloading from unfamiliar site and install an app without question.

 
At Mon Jun 23, 05:06:00 AM EDT, Blogger Unknown said...

Lachlan - you really should get a clue... try here:
http://rixstep.com/2/20080622,00.shtml

'The Diary of Nod' indeed. WAKE UP boy!!

 

Post a Comment

<< Home