Black Hat USA 2009 Conference - potentially dangerous Mac flaw exposed?

By: switchtoamac at: 10:43 PM on July 29, 2009

A report posted at Reuters by Jim Finkle indicates that at the Black Hat USA 2009 conference in Las Vegas, Nevada, a well-known Mac researcher disclosed a technique that could potentially allow hackers to take control of a Mac and steal encrypted data. A few quotes from the article:

"Prominent Mac researcher Dino Dai Zovi disclosed the software flaw at the Black Hat security conference in Las Vegas, one of the world's top forums for exchanging information on Internet threats."

"The technique that Dai Zovi unveiled on Wednesday -- dubbed "Machiavelli" -- only works on machines that have already been victimized. It can take control of Apple's Safari browser, stealing encrypted data from a user's bank accounts."

"They said the Mac's operating system will be an easier nut to crack once hackers start to focus on it. That is because it has a lot more code in it than Windows, leaving room for more vulnerabilities and bugs that hackers can exploit."

"While there is a limited supply of malicious software targeting Macs today, experts worry that the pendulum could quickly shift, leaving millions of Apple users unprotected."

"When the malware authors put out something that's really sophisticated we are going to have a whole population that is really vulnerable," said Joel Yonts, an expert in Mac security attending Black Hat."

Take it for what it's worth at this point, until additional details are released and/or Apple releases a patch to address the proposed flaw. Note that the article incorrectly refers to three Mac viruses over the past year, when in fact those exploits required the user to perform an action (such as running an installer) in order to work. A virus, on the other hand, does its work without user intervention.

You can read the article in its entirety here.
