New exploit devised for the Mac

Share this article:
Most exploits posted on the web that make use of Mac viruses or malware are largely theoretical. But a researcher in Italy claims he has found a valid way to run hostile code on the Mac OS X.

The technique involves what the researcher, Vincenzo Iozzo, a reverse engineer at Zynamics GmbH, calls in-memory injection. The approach can put code into running processes and leave no trace of having ever been there.

According to The Register, Iozzo devised the exploit by discovering a way to bypass traditional means of loading binaries into the operating system.

Attacking the Apple Mac is notoriously difficult. Because Macs are based on Linux-like coding approach, it's one of the most secure systems, said Justin Esgar, president of Virtua Computers, an Apple system administrator.

“Anything that runs on the machine has to be installed by the user, unlike Windows which has ActiveX that can install something in the background," he told SCMagazineUS.com. “There is no way to install unauthorized software on the Mac. There are no processes running in the background that would allow for such a thing.”

An Apple spokesperson did not respond Wednesday for comment.

This new exploit relies on Mach-O, short for Mach object file format, which is used in Mac OS X for native executables.

“The people subjected to this are coders," Esgar said. "Typically users do not compile random source code on their computer."
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.