You're viewing an article in iPO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site: Security Researcher Slams Apple on Security, Offers Blueprint for OS X Exploits
Security Researcher Slams Apple on Security, Offers Blueprint for OS X Exploits
Friday, August 3rd, 2007 at 4:50 PM - by
Dr. Charles Miller criticized Apple's approach to security with Mac OS X, and by extension the iPhone's OS X at the Black Hat Briefings conference, saying the company has been negligent in some areas, and has bad practices, to boot. To illustrate this, Dr. Miller said that Apple has a bad habit of including out of date Open Source code in OS X, which makes finding and developing exploits easy, according to a CRN report.
Dr. Miller, a fan of Mac OS X who likes Macs and "loves" his iPhone, garnered headlines in July when he announced that he could gain control of and access to an iPhone through a WiFi network, or by getting an iPhone owner to visit a maliciously crafted Web page through Safari. Dr. Miller and his team at Independent Security Evaluators withheld details of the exploit until Apple released a patch for it, but he warned that additional exploits from the same Safari problems are going to be found, and that it will be the bad guys -- people intending to use the exploits, and not report them to Apple -- who will do so.
The problem, according to Dr. Miller, is Apple's habit of including outdated versions of Open Source software in Mac OS X and OS X, versions with known vulnerabilities. Accordingly, he said, it was easy to find ways to exploit the operating systems.
"Here's my formula for finding a zero-day [vulnerability] on a Mac; here's what you do," Dr. Miller said in his presentation. "First, find an open source package that they use that's out of date -- there's plenty of those. Read through the changelog for the current version of that software, find a usable bug that's been fixed in the newer versions. And you're done. You don't have to worry about static analysis or fuzzing or any of that stuff."
For instance, Dr. Millers said that the Samba exploit his team found through its own fuzzing techniques had been found and patched within the last year, but that the version of Samba being used in Mac OS X and OS X hadn't been patched since February of 2005.
For this reason, the researcher said that Apple was actually behind Microsoft when it comes to security. On the other hand, CRN quoted security researcher Dino Dai Zovi, who said that Apple has both strengths and weaknesses in the security realm. He pointed out that Apple has a track record of getting security issues patched very quickly, something he said Microsoft has a track record of doing rather slowly.
Be that as it may, Dr. Miller said that iPhone's high visibility is going to bring heightened attention to the platform from the bad guys, effectively putting to a test the notion that Mac OS X's superior security reputation is more an issue of security-through-obscurity, rather than security through superior design. Dr. Miller is of the opinion that the former is the case, and that Apple needs to improve its security practices.
- Editorial - It's Time for the Promised, Unlocked iPhone 3Gs
- Wal-Mart Employees Confirm iPhone Rumors
- The RIAA vs. 19 Year Old Cancer Patient
- Mac Gaming News - Gameloft Brings Hero of Sparta to the iPhone
- Free on iTunes - Return to the Moon, JPL, Stranger Things And More
- Apple Claims 300 Million App Store Downloads, 10,000 Apps Available