
More security problems bite Apple

alexd

Administrator
Staff member
Experts have uncovered a serious security hole in the way Apple software handles downloaded files.

The flaw could give malicious attackers a back door into Mac computers if users visit carefully crafted websites and download booby-trapped files.

Although no attackers were known to be exploiting the bug, experts said it was easy to write code to take advantage of the flaw.

Separately, three concept viruses for Apple computers have been discovered.

Virus outbreak

"This could be really bad," said a warning about the vulnerability by the widely-respected Internet Storm Center.

The discovery of the bug opens up Apple users to so-called "drive-by downloads" that plague users of the Windows operating system and are used by makers of adware and spyware to install their software on victims' PCs.

Discovered by University of Ulm student Michael Lehn, the loophole arises because of the way that Apple's OS X operating system handles downloaded files.

Although OS X displays an icon for files based on the suffix it finds on the program being downloaded, such as .jpg, it uses different criteria to decide what to do with these files.

This makes it possible to have files look benign by labelling them as images but, behind the scenes, the operating system will know it is dealing with a proper program and run it as such.

Initially the flaw was thought only to affect compressed or zipped files but the Internet Storm Center said it can be used for any file that arrives on a target machine.

So far, no net-based exploits of the bug are known to be in existence but Apple is known to be working on a fix for the flaw. The operating system can also be made secure against the loophole by changing some preferences.

Proof of concept

Also reported this week were three variants of a second virus for Apple's operating system.

The new virus is called Inqtana and its three variants try to spread via Bluetooth short-range radio technology.

The risk to users from the virus is almost non-existent because the variants are only proof-of-concept bugs and none have been released to the wild.

The reports of the flaw in OS X and the virus variants make three security alerts for Apple in less than a week.


Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/4739432.stm

Published: 2006/02/22 12:17:43 GMT

© BBC MMVI
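The suffix-versus-content mismatch described in the article above can be checked for on the defender's side. The following is an added example, not part of the original post or of any Apple tooling: it flags files in a download folder that are named like images but do not start with that image type's magic bytes, or that carry an executable permission bit. The function names and sample files are constructed, and the magic-byte test is an assumed stand-in for the "different criteria" the article mentions without specifying.

```python
import stat
import tempfile
from pathlib import Path

# Assumption: leading bytes a genuine file of each image type starts with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def check_file(path):
    """Return the reasons an image-named file looks suspicious (may be empty)."""
    path = Path(path)
    magics = IMAGE_MAGIC.get(path.suffix.lower())
    if magics is None:
        return []  # not named like an image; out of scope for this check
    reasons = []
    with path.open("rb") as fh:
        head = fh.read(8)
    if not head.startswith(magics):
        reasons.append("content does not match suffix")
    if path.stat().st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        reasons.append("executable bit set")
    return reasons

def scan(directory):
    """Map file name -> reasons for each suspicious file in directory."""
    files = sorted(p for p in Path(directory).iterdir() if p.is_file())
    results = {p.name: check_file(p) for p in files}
    return {name: why for name, why in results.items() if why}

def demo():
    """Scan a temp directory of constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        (tmp / "invoice.jpg").write_bytes(b"echo constructed sample\n")
        (tmp / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
        (tmp / "logo.png").chmod(0o755)
        (tmp / "notes.txt").write_bytes(b"plain text\n")
        return scan(tmp)

if __name__ == "__main__":
    print(demo())
```

Checking for the expected image header, rather than for a known script marker, also catches script text that has no interpreter line at the top.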
 

oh toro

TRIBE Member
it will be interesting to see how malware develops on os x (or any unix) as the permissions model isolates user space from system processes. windows doesn't have this type of security which is why windows malware can easily infect and cause damage. in order for anything to have root access (which is not enabled by default) or admin access, one must authenticate. so basically, one would have to assist malware in order for any damage to occur outside of user space.
 

Wardo

TRIBE Member
Worrisome news but what to do?

Yes, I also heard the news via BBC but it doesn't say exactly what to change in your preferences.

I checked the apple web site but found very little mentioned about it.

If anybody hears further please post.

Thanks,

Wardo
 

Aerius Zension

TRIBE Member
There's also this one for you Safari users

http://www.pulse24.com/Business/Top_Story/20060222-001/page.asp

The price of popularity may be shattering the long held belief in the invulnerability of Apple computers.

It’s been a terrible week of revelations for the company, after the first virus specifically targeting the firm’s OS X operating system surfaced last Friday.

Since then, two more problems have been uncovered, with one potentially serious.

A student at a German university has detected a flaw in Safari, the Internet web browser that comes with the machines.

While the full explanation of the problem is technical and detailed, (you can read about it here) the bottom line is this – there’s a possibility hackers could send a downloaded file the browser is set to automatically accept, like a .jpg, and hide malicious code inside that a user wouldn’t know about until it was too late.

The student’s finding was published in an online article by a German company specializing in computer magazines.

“This could be really bad,” relates the Internet Storm Center, a site that tracks viruses and worms. “Attackers can run shell scripts on your computer remotely just by visiting a malicious website.”

The problem could leave Apple machines open to the kinds of spyware and problems that plague its Windows counterparts.

The article also raises concerns about the vulnerability of other programs, including its email applications.

So far, there haven’t been any known attacks and Apple pledges to issue a patch once it’s analyzed the problem.

In the meantime, the company has also been forced to deal with the second known bug targeting its products.

This one is called OSX.Inqtana.A, which can theoretically infect a machine through wireless contact. It follows the discovery of the OSX/Leap-A last week.

"We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X ... illustrate this emerging trend," worries Vincent Weafer of anti-virus firm Symantec.

So far, neither bug poses a major problem. But experts worry that once the Apple virus train gets on track, there may be no way to derail it.

For years, the Mac maker's machines were deemed to be relatively free from problems, a point of pride among users. But with success inevitably comes those who would attack it.

And unless the company can nip it in the bud early, it may soon be faced with the same problems Microsoft has been living with for years – spending millions of dollars to fight an ever increasing number of infections meant to exploit perceived vulnerabilities.

And as the Redmond, Washington giant knows all too well, that's a costly war that never seems to end.
 

acheron

TRIBE Member
I love how all this attention is being paid to one or two exploits that basically do nothing unless the user LETS them, like as in leaves the door wide open. Who the heck logs in as root on OS10 anyway? Either way, let's just put this in perspective. How many viruses or trojans were discovered for Windows in the past year?
 

oddmyth

TRIBE Member
acheron said:
I love how all this attention is being paid to one or two exploits that basically do nothing unless the user LETS them, like as in leaves the door wide open. Who the heck logs in as root on OS10 anyway? Either way, let's just put this in perspective. How many viruses or trojans were discovered for Windows in the past year?
my thoughts exactly .. strange how alex always posts the anti-mac vibe...
 

Humanjava

TRIBE Member
oddmyth said:
my thoughts exactly .. strange how alex always posts the anti-mac vibe...
Funny thing about Mac. Tonight in a discussion of me getting back into a career so I can live and pay bills again I was looking back at my IT career. Talking to my girlfriend and how I do networks and some other stuff I basically said I was a command line kind of guy. Maybe it comes from back in the days of Unix but the point was no matter what I typed on a Unix or Linux machine e.g. mounting an NFS system it just worked. Same thing on Cisco routers. Of course I am saying you did the commands right in the first place. Now take that to windows and there have been countless times things have been done right and exact and still had stupid errors or things not working. No rhyme or reason for it either. So back to the mac story I was thinking when I was getting the two machines to talk how easy it was. How I could easily secure them and a few other things. No question about it Mac has the Superior OS and I am sure part of that is its Unix background. The only reason I ever used a PC was simply the power to price ratio and support that many networking utilities needed. This intel thing could be interesting though.
 

Aerius Zension

TRIBE Member
acheron said:
I love how all this attention is being paid to one or two exploits that basically do nothing unless the user LETS them, like as in leaves the door wide open. Who the heck logs in as root on OS10 anyway? Either way, let's just put this in perspective. How many viruses or trojans were discovered for Windows in the past year?

So, a Mac opening a JPG or ZIP automatically isn't leaving a door wide open?

http://isc.sans.org/diary.php?storyid=1138

I dunno the specifics of it, but that sounds pretty nasty.
 

oh toro

TRIBE Member
Aerius Zension said:
So, a Mac opening a JPG or ZIP automatically isn't leaving a door wide open?

http://isc.sans.org/diary.php?storyid=1138

I dunno the specifics of it, but that sounds pretty nasty.
seems like you don't use OS X. authentication as an admin user is required for anything outside of the users' home directory. authentication is required for the specific action. in other words, let's say this script is run via opening a jpg or zip file... well, as it is run, an authentication screen opens and there you must enter the user/pwd of an admin user to proceed. if you do not authenticate, then, obviously, nothing happens.

so, basically, you need to be highly involved in assisting this malware otherwise it does nothing. do you see the difference?
 

CiG

TRIBE Member
oh toro said:
seems like you don't use OS X. authentication as an admin user is required for anything outside of the users' home directory. authentication is required for the specific action. in other words, let's say this script is run via opening a jpg or zip file... well, as it is run, an authentication screen opens and there you must enter the user/pwd of an admin user to proceed. if you do not authenticate, then, obviously, nothing happens.

so, basically, you need to be highly involved in assisting this malware otherwise it does nothing. do you see the difference?
Are users not allowed to run scripts that are in their home directory?

Also, on my XP machine I could set myself up as a user without any rights, but have I ever? No... I'm not sure how it is on a Mac, but I would want myself to be admin on there as well... Do Apple users all have their accounts set as end-user accounts with no privileges... ?
 

CiG

TRIBE Member
CiG said:
Are users not allowed to run scripts that are in their home directory?

Also, on my XP machine I could set myself up as a user without any rights, but have I ever? No... I'm not sure how it is on a Mac, but I would want myself to be admin on there as well... Do Apple users all have their accounts set as end-user accounts with no privileges... ?
Oh and... HAPPY BDAY MR JOBS...!
 

oddmyth

TRIBE Member
CiG said:
Are users not allowed to run scripts that are in their home directory?

Also, on my XP machine I could set myself up as a user without any rights, but have I ever? No... I'm not sure how it is on a Mac, but I would want myself to be admin on there as well... Do Apple users all have their accounts set as end-user accounts with no privileges... ?
you can run scripts in your home directory, but permissions are strict on files outside of that ... most user accounts can't do much other than read through some files .. no delete or write capabilities, there are no kernel processes run by the user.

The 'user as admin' paradigm is what got MS into the hot water it's been dealing with for years. It was originally done to make use interoperability within the OS a snap of the fingers .. which it was .. until people figured out that they could exploit entire systems because of it. Since then it has been the bane of Windows users everywhere.

Unix was built on a solid security model wherein users are users and there is an admin account to do admin things when you need to. You can switch to the admin account quickly (ie. not like windows logging in and then logging back out), and most installs and scripts will pop a box asking for admin password to install something.

This security paradigm is now being emulated in Windows Vista ..

Running an admin acct for everyday work will soon be extinct, except for those who like to live on the edge of stupidity.
 