The Black Hat conference underway in Las Vegas has revealed many interesting things, not the least of which is Mac OS insecurity.
Charlie Miller, a researcher with Independent Security Evaluators (who found the first iPhone crack, first reported here on July 23), likes hunting for security flaws in Macs because vulnerabilities are easier to find there.
“Macs are easy to hack because they are easy to use…To enable them to be friendly they have a lot of setuid root programs.”
Good crash reporting makes looking into Macs easier, as does the platform's consistency: Mac OS X doesn't randomize anything, not stacks, heaps, or the location of dynamic libraries. This makes finding attack vectors far easier.
Exploiting old versions of open-source software, often many versions behind the current release, is Miller's most powerful tool. He noted that until the last OS X update, Apple's version of Samba had a remote exploit known since February of 2005, so one way to find a zero-day bug is to look for other out-of-date open source in the OS.
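
As an added example (not from Miller's talk or the original article), a defender can inventory the setuid-root programs Miller refers to and compare them with an approved baseline to spot drift. The function names and the baseline file format, one path per line, are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: inventory setuid executables and diff them against a baseline.

# list_setuid DIR [OWNER]
# Print, sorted, every regular file under DIR that has the setuid bit set and
# is owned by OWNER (default: root). -xdev keeps find on a single filesystem.
list_setuid() {
    dir=$1
    owner=${2:-root}
    find "$dir" -xdev -type f -perm -4000 -user "$owner" 2>/dev/null | LC_ALL=C sort
}

# unexpected_setuid DIR BASELINE [OWNER]
# Print setuid files that exist on disk but are absent from BASELINE, a text
# file holding one approved path per line. Empty output means no drift.
unexpected_setuid() {
    dir=$1
    baseline=$2
    owner=${3:-root}
    tmp=$(mktemp) || return 1
    # comm needs both inputs sorted in the same collation order.
    LC_ALL=C sort -u "$baseline" > "$tmp"
    # -13 suppresses baseline-only and common lines, leaving new files only.
    list_setuid "$dir" "$owner" | LC_ALL=C comm -13 "$tmp" -
    rm -f "$tmp"
}
```

Saving the output of `list_setuid /` after a clean install gives the baseline; running `unexpected_setuid / baseline.txt` after each update then lists any newly added setuid-root program for review.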