Security experts turn their sights on Apple's Mac OS X

Mac OS X has many fans - not least among security researchers. They have focussed on the Apple operating system and just keep on finding security vulnerabilities and ways of sneaking malicious software past the security mechanisms.

For example, two further vulnerabilities have been discovered in Mac OS X as part of the Month of Kernel Bugs (MoKB). According to their discoverer LMH, they could be exploited by local users to execute their own program code with elevated privileges. One of these affects a so-called ioctl for the AppleTalk protocol. This can be utilised by users to exploit the failure to validate user entries using prepared parameters when calling the AIOCREGLOCALZN function. The other involves the failure of the shared_region_make_private_np() system call to validate user entries, which can also be exploited by users. The discoverer claims to have tested them on fully patched Intel Macs.

Meanwhile F-Secure has come across a demonstration of adware which installs itself onto the system without requiring user interaction and is then started every time an application is called - in a restricted user account without admin privileges. If, for example, the program is placed in a specific (unnamed) folder, which is not present by default, it starts up when the Safari browser is started. It also continues to run after the browser is closed. McAfee in turn reports that user interaction is indeed required to run the demo and that the program does not work on PowerPC Macs.

See also:

• Mac OS X AppleTalk AIOCREGLOCALZN Ioctl Memory Corruption, report on MoKB
• Mac OS X shared_region_make_private_np() Memory Corruption, report on MoKB
• iAdware, report from F-Secure
• OSX/Cosmac, report on iAdware from McAfee

(trk)