A Mac OS X attack that leaves no trace
Vincenzo Iozzo, an Italian security researcher, says he's discovered a new way to inject executable code directly into the memory of a Mac OS X machine without leaving any trace behind. That would make detection of an attack considerably more difficult.
Attackers normally leave files on the hard disk, such as their own code, which virus scanners can spot. Iozzo's technique could be used to run a binary entirely within the memory area of the program under attack, so that nothing on the hard disk is changed. It could also be used on an iPhone, which after all runs a modified version of Mac OS X.
Iozzo intends to present his discovery at the Black Hat security conference in February, and then publish a sample program written in C for Mac OS X 10.5.
(djwm)