Black Hats hack Macs
LAS VEGAS -- Though Apple isn't officially presenting at Black Hat, Apple is definitely in the crosshairs of security researchers.
In a session given by famous security researcher Petko D. Petkov, attendees were told about how a particular Apple QuickTime URI handling flaw was discovered. Petkov also gave the audience a tip, that there are plenty more Zero Day bugs to be found for other researchers who concentrate on looking at applications that will accept addresses that then trigger a file protocol URI function.
Ever heard of Mac OS X rootkits?
Neither had I, but I sat in part of a session in wish Jesse D'Aguanno talked about his MAC OS X rootkit called iRK. From the part of the talk that I saw it sure looked like the real deal to me, but of course to get a rootkit onto a Mac (to do whatever damage you want) you have to have root.
"You can fuzz an application and easily find all the places that are
vulnerable to heap overflow," Beauchamp said. "Then we could figure what parts would be susceptible
to arbitrary code execution."
So no, there were no major exploits for Apple actually revealed at Black Hat, but it sure looks to me like researchers are looking.