Tuesday, March 07, 2006

MAC Owners Beware!

In past blogs and in my old newsletter, I've covered Windows vulnerabilities and flaws on a fairly regular basis. My stories usually were on the real bad ones, since Windows has had so many flaws in the past that I probably could have written almost every day on newly discovered flaw. Over this same time, I have heard from many MAC users that their operating system is so much safer and better than Windows.

While I won't disagree with those comments, I thought I would pass along an amazing story on a MAC flaw that is a little scary if you own a MAC.

It seems that a fanatical MAC fan in Sweden wanted to prove to the world that MAC's are invulnerable to hackers. I might add at this point that most MAC owners seems to be, in my opinion, fanatically loyal to Apple, almost beyond reason sometimes. Anyway, in late February, this MAC owner set up his MAC Mini running the current OS X operating system as a server. He invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications. Participants were given local client access to the target computer and invited to try their luck.

Within a few hours of going live, the competition was over. The hacker who won the challenge said he gained root control of the Mac in less than 30 minutes. "It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits, of which there are a lot for Mac OS X"

The hacker also said that while the MAC could have been better protected, it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple Computer. The hacker concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.

Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by Apple. Earlier this year, a respected security researcher who has already been credited with finding numerous vulnerabilities in OS X, said that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.

Nothing is perfect, is it?


No comments: