Only last week, Apple had to patch eleven security vulnerabilities in its QuickTime multimedia software. Quoting "reliable sources", US media now report that Apple also took a number of additional steps in version 7.4.5 to make it harder for vulnerabilities to be exploited.
Microsoft employs Address Space Layout Randomization (ASLR) in Windows Vista to load libraries at addresses that are more or less arbitrary. Any malicious code injected by means of security flaws then has a harder time finding the right static address (such as in return-to-libc attacks) than in previous versions of Windows. Such techniques have long been implemented in UNIX operating systems, such as BSD and Linux (PaX), and Mac OS X has also had such a mechanism since version 10.5. Apple has now integrated ASLR in QuickTime so that libraries are no longer loaded to static addresses.
Apple compiled QuickTime with the /GS buffer security check, which detects buffer overflows using special cookies injected onto the stack. Apple also reportedly enabled Hardware No-Execute (NX) protection on Windows Vista. Apple has implemented these mechanisms not only in QuickTime for Windows, but also in QuickTime for Mac OS X. The -fstack-protector flag is used to check the stack, for instance.
It is currently not clear why Apple waited until now to implement these mechanisms. Since the end of 2005, Microsoft has been recommending the Security Development Lifecycle (SDL), which explicitly calls for the use of /GS for stack protection in addition to normal planning and checking phases. While these attempts to make QuickTime more secure are praiseworthy, they only make it harder for security flaws to be exploited rather than eliminating them. Information about how to circumvent these mechanisms is already circulating on the internet.
------------------
Kudos to Apple for being a little more proactive...but it took repeated zero-day attacks to force their hand.
So in the end, I would say these extra measures are a reaction to increased attacks from hackers and the security community. Now this attitude needs to be taken into Safari and the iPhone and OS X.
Apple has been very slow to retro-fit open source patches back into OS X...and that is something that they will need to fix before it bites them big time.
Someone please remind Tom at CNET News about the load of OS X computers that were found working as bots back in 2006.
"No security researcher I spoke with could think of an instance of a Mac running Mac OS X that had been exploited in the wild."
We have moved beyond the world of only worrying about network services. These OS X servers were pwned thru PHP applications that were running on the operating system. Like it or not, the users on those systems were exposed and the data stored on those servers was put at risk....they were exploited in the wild. As noted in the article, OS X web servers are commonly defaced....if that isn't exploited, I don't know what is.
This stuff is from two years ago...and people still think OS X is bulletproof.
That is some strong kool-aid...