LAS VEGAS — Though Apple isn’t officially presenting at Black Hat, the company is definitely in the crosshairs of security researchers.
In a session given by well-known security researcher Petko D. Petkov, attendees heard how a particular Apple QuickTime URI-handling flaw was discovered. Petkov also gave the audience a tip: there are plenty more zero-day bugs to be found by researchers who concentrate on applications that accept addresses and then hand them to a file-protocol URI handler.
Ever heard of Mac OS X rootkits?
Neither had I, but I sat in part of a session in which Jesse D’Aguanno talked about his Mac OS X rootkit called iRK. From the part of the talk that I saw it sure looked like the real deal to me, but of course to get a rootkit onto a Mac (to do whatever damage you want) you have to have root.
So I skipped out on the rootkit session halfway through to sit in on another session about reverse engineering on Mac OS X. Tiller Beauchamp and David Weston gave a revised version of their talk from Black Hat DC about using DTrace as a tool for security research. This time out their tool is called Re:Trace; it’s written in Ruby and targets the Mac.
“You can fuzz an application and easily find all the places that are vulnerable to heap overflow,” Beauchamp said. “Then we could figure what parts would be susceptible to arbitrary code execution.”
So no, there were no major exploits for Apple actually revealed at Black Hat, but it sure looks to me like researchers are looking.