Mac OS X Vulnerable to Memory Injection Attack

Vincenzo Iozzo, security researcher as well as student at Italy's Politchnico di Milano University, demonstrated a new type of computer hack into Mac OS X with which attackers could inject malicious program into the memory space of another application, as reported by Softpedia on February 23, 2009.

Vincenzo Iozzo disclosed the details of the attack during a presentation he made at the Washington's Black Hat DC computer security conference held on February 18, 2009. He explained that since the attack takes place in the computer's RAM, whatever possible trace the hacker might leave behind is instantly wiped out when the system is shut down.

However, the demonstration indicated that there is little fear for Apple users at least for now. Iozzo said that the attack works only if the hacker already gained remote access to the target system, as reported By ITPlanet on February 23, 2009. Iozzo added that the attack does not automatically allow the hacker take over every system within the network, but to gain access to each, an attack code is needed. This attack code is not required for exploiting a fresh system from the start.

Nevertheless, the attack's greatest disadvantage is that hackers could solve the problem of avoiding detection while executing binaries that might not be present on the hard drive of the attacked system. Despite that, when an attacker aims to run a binary on his victim's system, he needs to run a syscall, execve(). As a result, alarms might be raised of the Intrusion Detection System (IDS) or other kinds of measures for countering security, and thus the attack become detectable.

The researcher further indicated that the memory injection attack highlights a potentially dangerous and new attack medium for Mac computers that so far have been free from malware threats plaguing Windows machines.

Also, Iozzo notes that the use of Mac OS X is becoming widespread among computer users; therefore, hackers are required to discover new techniques of exploitation. Further, while a number of interesting methods of exploiting Mac OS X were discovered during the past days, it is clear that anti-forensics techniques were largely lacking, he added.

Related article: Mac OS X Devoid of Malware, Vexing Experts

» SPAMfighter News - 3/3/2009