Patched Mac holed in 30 minutes

Apple's Mac operating system may not be awash with viruses just yet, but hacking it seems to be a more straightforward proposition.

In the latest example, a hacker claims to have taken half an hour to gain full access to a fully patched Mac server put online for a cracking competition.

Late last month, a Swedish Mac enthusiast put a Mac Mini online and invited the general public to attempt to gain access and wipe the system's hard drive - to "rm" it, in reference to a Unix command for removing files and directories.

The administrator, who wishes to remain anonymous, said someone had attained root access within about two hours. "I was kind of shocked to see it was hacked this quick," he told Techworld.

Four hours later, a hacker going by the handle "gwerdna" defaced the home page of the "rm-my-mac" competition. The administrator noted that the contest is still technically going, since no one has yet wiped the Mac's hard disk.

Gwerdna needed only half an hour to crack the system, taking advantage of an unpublished security flaw in OS X - one of many, according to the administrator. "There are virtually loads of them, both in the kernel and in userland," he said. He is familiar with the flaw gwerdna used, but doesn't intend to disclose it to Apple or anyone else, he said.

Though a fan and heavy user of OS X, the administrator admitted the operating system contains a large number of serious, unpatched flaws that have never been reported to Apple. He said some of these are old BSD Unix bugs that have been patched in BSD but not in OS X, which is based on BSD.

"Whether a bug is reported or not depends entirely on the person who finds it," he said. "Some people who find bugs do report them to the vendor, and some do not. There's really not much to win by reporting a security hole to Apple, or any other vendor for that matter."

Security vendors say the Mac has escaped the widespread security problems that plague Windows largely because of its small market share, rather than because it is inherently secure. The rm-my-mac administrator noted that there are some ways of locking down systems such as BSD or Linux that aren't available for OS X.

However, attackers are getting more interested in the platform. At the recent ShmooCon in Washington D.C., a prominent security researcher found that their Mac had been cracked into, according to a report from SecurityFocus.

The attacker set up a file server on the system, and used information culled from the Mac to contact one of the researcher's friends and brag - but no trace was found as to how the attack had been carried out, the report said.

Last month, two viruses appeared aimed at the Mac platform in the space of a week. Shortly afterward, researchers warned of a bug that could be used to execute malicious code automatically via the Safari browser.

Security researchers have been warning for some time that the Mac isn't as secure as people think, and that Apple isn't responsive or open enough in its approach to the issue.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?