
Say, Charles -- it's been awhile! But we're pleased as punch to see that you're back to your old ways, poking around within OS X's mainframe just looking for ways to remotely control the system, snag credit card data and download a few interoffice love letters that are carefully stashed 15 folders down within 'Documents.' The famed Apple security expert is planning yet another slam on OS X at CanSecWest, where he'll reveal no fewer than 20 zero day security holes within OS X. According to Miller, "OS X has a large attack surface consisting of open source components, closed source third-party components and closed source Apple components; bugs in any of these types of components can lead to remote compromise." He also goes on to reemphasize something he's been screaming for years: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." In other words, Apple users are "safer" (due to the lack of work that goes into hacking them), "but less secure." So, is this a weird way of applying for a security job in Cupertino, or what?
Ok, if hackers want just bragging rights, they will be all over OSX; the fact that OSX has been around about 10 years and only seen at best 2 hacks, and that's only if the hacker is able to get the password... but like always PC/Windows fans will always say that the lack of "market share" is the reason not to do it, which is just a silly argument.
What hacker in the world would not want to say that he was the first to be able to infect a Mac with a virus...and to say suck it Steve Jobs and Apple fanboys..
Does it warrant mentioning that there may be quite a few hackers out there that don't particularly care to spend $1500-2000 on a machine of the Apple kind to explore breaking the software? I know we all spend what we spend but from my experience, there isn't a slew of hackers using $Ks worth of hardware to hack stuff. What do ya say?
@jmcburna
You could pick up a used OS X machine for under $100 if you really wanted to. It wouldn't be fast or pretty, but you'd have everything you need to get hacking. But somehow it isn't happening, and the 'no marketshare'-explanation is getting really, really old. It's like saying there's no good reason to rob a jewelry store, because there's so many more gas stations that you can rob.
@drange Thanks for lighting that exception up. Yes...ebay Mac "parts". Live it. Love it.
@drange
No, it would be like saying no one is going to develop the particular tools to break into a few gas stations (macs, full of useless data), as opposed to continue honing the tools to break into the masses of jewelry store PCs, running accounting departments and housing important data...
@jmcburna
You can build a brand new Atom or Celeron/Pentium Hackintosh that will run a retail copy of OSX for less than $250. The barrier to entry for iPhone development or hacking on OSX is incredibly cheap if you're willing to violate a EULA. This isn't user friendly to do, but it won't scare away a hacker either.
Also, checking my local Craigslist, I could pick up a 2nd or 3rd generation 15in Macbook Pro (2.2Ghz C2D) for $350 today. That's still a pretty good system compared to what a new netbook costs.
Claiming that it costs $1500-$2000 to get started on a Mac is just plain incorrect.
@msgyrd I've known of the hackintosh and of course the lot that'd be concerned w/ the hacking and such would most likely be looking cheaply rather than a new system. That was a rather ridiculous suggestion. However, I know that larger towns/cities (more importantly metros) only support a craigslist section large enough to even consider shopping for used electronics of any modern sort ruining any hope of a cheapbook*sadfaces*. Anywho, thanks for the insight, very interesting thoughts on the matter.
This is something I have always said when it comes to Mac: they are "safer" because pretty much every hacker knows they are not being used in sensitive areas due to the amount of security holes. Our personally hackers could break into a mac in no time and having a mac on your network can actually compromise the security of your entire network because it would be the weak link.
@TheOne Are you living under a rock?? The DoD's most sensitive networks run on Mac servers because they had been burned using Windows way too many times....
@TheOne
Not being used in sensitive areas? You mean like the NSA and CIA, not to mention the military and NASA? Those are sensitive enough for you? How about the nuclear bomb maker Raytheon? Not sensitive?
Get your facts straight. Macs are used in these places alongside UNIX and Windows (for Solitaire).
@(Unverified)
What are you talking about?
From the DoD's own "Mac Support Page":
Windows on your MAC: While you have made a conscious decision to “be a Mac”, the NETCOM Engineers have not, and therefore the easiest solution for some problems, such as DTS, PureEdge, ApproveIt, and some websites, is to use Windows through a Virtual Machine, such as Parallels or VMWare, or through Apple’s native Boot Camp. This will require you to have a legal copy of Windows. With this you can install the ActiveClient, PureEdge, and ApproveIt software and utilize all the DoD tools from your MAC. The benefit of the Virtual machines over Boot Camp is that it will allow you to run Windows as an additional program (without restarting your computer) and keep OS X running the entire time.
Yes yes,
OSX = An OS that is secure as long as no one attacks, possible to attack but no one seems to be able to show any proof either way.
WinXP = A Leaky fortress under constant siege.
WinV/7 = Bit of both, depending on whether or not you turn off User Account Control. (If you do then don't whine, you opened the friggin door.)
The guy is the P.T. Barnum of security. He loves yelling hysterical nonsense because it gets him attention and makes him money.
He's wrong. OS X is more secure by design than Windows. That's because it's built on BSD Unix. Not because it's made by Apple. That doesn't mean it's completely secure. Otherwise, he'd be out of a job. But to whine about lack of attention being the only reason it's safe to use is bunk. Otherwise, there are plenty of Apple-haters out there who would love to prove Apple and its fanboys wrong by doing something publicly. That would be a huge pay-off in ego points. And that's one thing hackers universally have, unsatisfied egos.
ah well... in the last 6 years, my work has run 11 macs with no anti virus... and of course, no viruses.
On the other hand, the billing side running Windows has had endless issues with their enterprise antivirus (besides the cost). Problems such as missed updates, service crapping out, and of course, viruses that somehow slipped through.
@Nicnac
Your IT sucks ass. I've managed 400+ PCs and 25 macs. The macs are not enterprise machines and made it to the attic. The PCs required greater know-how, because they offer much more and are thus a more complex system. When apple can implement something as sound as Active Directory, they're going to shit their pants.
Isn't Mac always the 1st OS hacked at black hat, with windows 2nd and linux 3rd?
Macs aren't attacked because NO ONE DOES REAL WORK ON THEM. PCs power businesses and administrative users and accounting machines and IT machines (and, and, and) - macs power stubborn, emotional people with little technical merit. Why would someone be interested in spending hours to build something to attack college kids wearing tight pants and old gorons who fell for the apple commercials?
I think everyone is focused on the wrong issue. Viruses are shitty whether you're on a Mac or Win or Linux, I think this is the ONE time that computer users should unite and then find and stone the parties responsible for creating and unleashing these viruses on ALL of us.
Bilge. I have to run a malware scrubber on my netbook because Windows is "more secure" than OS X. The other three machines in the house, all running OS X, have never been infected. I'm sure there are many vulnerabilities in anything as complex as a mainstream OS. The difference is that exploits in OS X require user stupidity whereas in Windows they are design features.
apple needs to upgrade their flux capacitor.
He's not revealing 20 bugs, https://twitter.com/0xcharlie/statuses/10723604719
I've said this for years. Apple / Windows all have their good and bad points and Windows gets attacked heavily due to its popularity, but now since Macs are getting more and more popular, hackers are aiming their sights at Unix instead of Visual C++. Over time Macs will be prone to equivalent if not more attacks. Popularity has its disadvantages.
@EngadgetFreak
UNIX is a type of operating system
Visual C++ is a programming language
Thanks for proving that you have no idea what you are talking about.
Not to be rude, but you missed the point of why it is called a "hole", or "exploit". An attempt at redirection or misrepresentation is called Phreaking...not hacking. The underlying concern is that Apple has been the sleeping rabbit thinking it is ahead of the game because it had it easy in the beginning. Essentially, at the core, they ignored sensible business tactics (Don't twist these words. Think about it and you will know what I mean)...if you think you have arrived, that is the beginning of your fall. (not sure if someone else said that, but I claim the quote :-) ).
Sorry for the tangent. Anyway, the OS is not always the "only" problem. Many times simply because the OS functions as a platform, it hosts many applications that "you" have already given full admin permission to, but the apps themselves can be compromised. I don't care who the coder or team of developers is, if it was written, it can be hacked. Microsoft has had it rough, but that is the name of the game. King of the hill right? If you are in the lime light, prepare to get knocked down.
FTA: Update: Miller has clarified that he does not intend to reveal the details of the twenty vulnerabilities at CanSecWest, but will show only how he found them.
Engadget has no idea what "mainframe" means.
What's this? But I thought Macs were supposed to be virus proof.
For fellows like Mack Stone...
Just like you tout the repetition of OSX threat assessment statements/articles and the lack of follow through by the black hat community, the critics of such articles also exhibit a pattern.
When someone comes to the aid of Apple in the comments section of said articles the word Virus comes into play, even if mentioned exploits are not related to them.
This is mostly a wording issue, but it relates to attack vectors....
There are 3 main methods of malware distribution. Viral, Worm and Trojan. Of these, the virus is the least common and most easily defeated. The most common is the Trojan which can be delivered in many ways. That is why daily threat assessments have no or very few viruses listed.
http://www.virusradar.com/stat_01_current/index_all_enu.html
Why do I mention these minor details? Because I notice the consistent use of an incorrect statement. Viruses are nearly a non-issue these days. Even though they continue to be varied, they are easily avoided and/or stopped. If you said malware or trojan, even worm, I would not have bothered to write.
That stated, the use of the word virus in context of security threats is dated and common. It is also a key, calculated word chosen for Apple advertisements, which is indicative of the following:
You are a hypocritical fanboy. And all of your statements are heretofore nullified for all perpetuity.
Apple+Security+Venerability=Wintroll catnip
I can understand all the arguments that the Mac is vulnerable and we should worry, but surely there's at least one person in the world who would want to write a virus for the Mac if it is indeed so easy to do. Hell, look at Engadget comments on any Apple article - there's a very vocal and voraciously anti-Apple crowd out there. Is there really none among them who is capable of writing a virus and who would like to embarrass Apple? Why hasn't it happened?
@crunc
Many of these coders are getting paid in some form or another. Sure there are some really silly people who do it for "fun, leisure and fame" but all that does is get you into a lot of trouble for no good reasons.
If the majority of the world is using a certain system and I want to get paid by dubious individuals or organisations/cartels, I will dabble in that system. I could dabble in the smaller systems but why? The only time people get paid to work over the smaller system is when it's a contest. I'm not interested in contests. Many of these guys get paid more than any contest can give them for working over the majority share system.
I work professionally in the IT line and freelance as a designer. I design and make sure that my sites work and display properly with IE and firefox as these are the major browsers; and in many cases, simply only IE.
I don't ever bother about Safari, Opera or what not. I *could* test and rework sites to display and function on more than 2 browser types; but why would I? Extra work for very little gains on my part and on the part of my "employer". That extra work could add up to several days of effort multiplied by however many projects I have on hand at the time. It simply is not within my benefit, nor my employer's benefit, for me to go down that path unless there are SPECIFIC requests & use cases for what I am doing; and those are chargeable.
It's not so much I am willfully ignoring other systems. The people who pay me simply aren't interested in what's happening with that other system.
See what I'm trying to get at?
@ounkeo I do understand what you're saying and I know it's true that the vast majority of people writing these things are doing it for money. Still, surely somewhere in this world there is one single person who would like to embarrass Apple in a big way and make the news, and this would be an easy way to do it. "Hacker known as mac-killer-10x creates first effective mac virus. Spreads like wildfire. Apple security in question", reads the headline. Surely someone out there would be impossibly tempted to do it. So it doesn't make sense to me that this has never happened if in fact Mac OS X systems are so vulnerable. All it takes is one person and a desire to do it, and there are a whole hell of a lot of people in this world.
I'll just say this.
While I'm on my Douche-bag only, full 64bit, liberal art inspired imac that cost me only 1400 bucks, I can surf the interwebs without a care in the world. No anti virus installed either.
Oh wait: A pop up says something about my C:/ drive OMG! Then I remember that I'm running os x, and laugh as I close the box.
How many of u windoze people can operate so freely? Of course winblows get better with every revision, but that's not the point.
yeah, i thought so.
@king_electric_warmonger I tried my best, but I have absolutely no idea what you are talking about.
By the way, the difference in use of the term 'zero day' between hacking and warez is a bit confusing. For a minute I thought it meant as in, the day the software was released. Now that would be impressive - unfortunately, Apple haven't released a new OS in a while, so, yeah, no.
But all the mac commercials tell me that mac is so much safer than windows, you are telling me that marketers lie?
Too much emotion here..my empathy circuit is in overload.
Seriously though, I don't know why security related discussions always end as fan boy hate fests. I mean nearly all operating systems out there have vulnerabilities. Most of the time it is not the core of the OS that is vulnerable. Hell, even NT4 was not bad, if you "locked" it down hard.
At the end of the day we are all in the process of risk management. In that whatever we do with our computers or how we use them we accept whatever risk we are comfortable with. If you personally are fine with connecting to the net without anything mitigating your access, then that's your business, YOUR RISK.
In my case I have a multiple firewall environment setup, where all access to the Internet is proxied, and that proxy has malware scanners etc on it. There are also protocol filters, intrusion detection/prevention systems in place as well. Even email is scanned and processed. I also regularly look at the proxy logs just to see what traffic is there. Alongside that I also have malware software on those computers that I deem it necessary, and yes that is the Windows ones and the Macs! Because that is what the rest of my family use. I use my mac and unix systems as required. That is my home environment, my choice, and the RISK I am willing to accept.
Paranoid! you might say, perhaps. But over 11 years of working in large gateway/firewall environments for Federal organisations, seeing first hand attacks from the Internet (some successful) and how the attack vectors have changed over the years, I think not. I have done enough threat and risk assessments to know that nothing is secure! All we do is minimise the footprint or exposure we have.
I also maintain a computer forensic network that is air-gapped from the rest of the enterprise. We still run malware scanners on all systems in there.
Security requires an holistic approach. You must be part of the process. You cannot leave it up to the vendors to do it all for you, they cannot. As has been pointed out, the end user is by far the weakest link. Phishing or other social engineering techniques are far more lucrative than attempting to find a weakness in an app or an operating system. That being said, there are still so many vulnerable systems out there, that a lot of the old methods still work.
And I always thought that zero-day exploits were those that were not in the "wild" yet.
Oh! And the reason I mainly use Macs is because of my Unix background, and also because they are all mac-minis and therefore low power consumption.
YAAWWWWWN. oh look, it's time for the bi-annual major OS X security blanket break-through that all the Apple-Haters have been dreaming about for the last 10 years! Wait, what's that? Nothing's been shown yet? Nobody's ever been infected with anything on OS X? All previously shown security vulnerabilities have involved physical access to the machine and/or access to Root and/or involved bad third party plugins?
Someone let me know when someone in the real world has had their machine compromised. Until then, 100% of viruses are written for Windows. 0% are written for Mac OS X. You tell me which is safer.
What I don't understand is why posters are not condemning hackers regardless of what OS gets hacked. It's absolutely the worst thing that a computer user has to deal with.
If you know a hacker, report their ass to the authorities. I'm tired of financially supporting anti-virus companies for juvenile and criminal behavior.
Don't bother replying to me about how I need to deal with it because it's never going away. As far as I'm concerned that's bullshit.
I think hackers should be charged with trespassing as a felony crime.
@cray
+1
You are Correct!
I like the farmhouse analogy. I had a farm house like that once in the country in Austria. This was a place where people would leave their bicycles unlocked in the street. Where you would leave the front door unlocked even when leaving the house.
And you know what - nobody ever thought of beefing up their security there. You didn't need to.
So with OS X, it's the same - once actual attacks start rolling, the defenses will improve very quickly. Until then - who cares.
There's a name for vigilant defense against non-existent threats: Paranoia.
Security is relative to the environment. If you have flame resistant material in a world populated by flamethrowers, you are safe. If the world is instead populated by machine guns, you might be screwed.
I find it fun to read the comments of the Apple and MS Fanboys
I wonder when they realise that they're practically the same (The haters that is, Windows and OSX, DEEEEFFFINENTLY not the same.)
I love it! Hello, I am PC and I am a Mac. Let's talk about Apple's security holes. It works right out of the box.. after you install an anti-virus and some security software.
I can't wait to see their new commercials now.... MEET APPLE THE NEW MICROSOFT. I HOPE THEY GO DOWN IN FLAMES. I LOVE IT.
My site receives about 75,000 visitors a month. 25% of those are mac users--about double from what it was 1.5 years ago.
@3pxshift
Stats from one specific website are meaningless. Worldwide marketshare for Apple really hasn't gone up that much.
@k7of9
Meaningless? I don't think so.
In the global scope, perhaps it's just a blip on the radar, but it sure means something to me. My demographics are pretty broad and I think this is representative of what's happening in the United States.
People in the U.S. are power consumers and Apple certainly has taken note. Look at their stock/sales/etc., for many, it starts with the iPhone and that's a precursor to purchasing a Mac.
I think Apple will experience some growing pains shortly.
Impossible, Apple products are flawless.
Nothing is 100% secure. But my Mac is still MORE secure than a Windows PC. Simples.