PC Pals Forum

Technical Help & Discussion => Apple, Linux & Open Source Software: Help, News & Discussion => Topic started by: Simon on April 16, 2009, 23:10

Title: Security holes in Mac and Linux platforms
Post by: Simon on April 16, 2009, 23:10

The Register reports that a set of recently discovered security holes in Mac and Linux platforms reminds those over-confident in their superior protection that no one is immune to vulnerabilities.

H Security reports on a series of actively exploited vulnerabilities in Apple's Mac OS X operating system that remain unpatched. A vulnerability in mounting malformed HFS disk images creates a privilege elevation risk, allowing regular users to obtain root privileges.

Other exploits involving kernel system vulnerabilities create a means for hackers to crash vulnerable systems. Lastly, another unpatched flaw in AppleTalk poses a system crash (though not code injection) risk.

The flaws were first demonstrated at the CanSecWest security conference last month but remain unpatched, H Security adds.

Separately security researchers have unearthed a potential method for dropping rootkits onto vulnerable Linux systems. Anthony Lineberry, senior software engineer for Flexilis, is due to demonstrate how to hack into the Linux kernel by exploiting the driver interface to reach into physically addressable memory. At a session during the BlackHat security conference in Amsterdam on Thursday afternoon. The attack represents a new spin on a well understood class of risk, Dark Reading adds.

Properly carried out, the attack approach allows malicious processes to be hidden, hijacked system calls, and remote backdoors onto compromised machines to be established without creating much in the way of clues that an attack is taking place.

http://www.theregister.co.uk/2009/04/16/alternative_os_flaws/

Title: Re: Security holes in Mac and Linux platforms
Post by: Rik on April 17, 2009, 00:54

Sam's gone all quiet.  :devil:

Title: Re: Security holes in Mac and Linux platforms
Post by: sam on April 17, 2009, 08:19

you mean I wasn't awake???  :crazy:

Of course there are holes.... I write software there are always going to be holes but the way of getting into these systems is much more difficult than windows. The best security is awareness and the majority of unix-like operating system users are on average much more aware than our Microsoft friends - this is the true value of linux. It is also much more secure in the number of open systems it offers to the world. Also there is nothing 'New' about this sort of attack. People have had demonstratable attacks like this for the past decade or so.

These things are normally patched quite quickly though...

Title: Re: Security holes in Mac and Linux platforms
Post by: Simon on April 17, 2009, 11:07

Much the same could be said of Firefox, Sam.  :)

Title: Re: Security holes in Mac and Linux platforms
Post by: Rik on April 17, 2009, 11:23

And often is...