Posted on 03/06/2006 10:47:30 AM PST by ShadowAce
updateGaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.
On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.
Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".
The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.
"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia .
According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.
"The rm-my-mac challenge was setup similar to how you would have a Mac acting as a server -- with various remote services running and local access to users… There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.
"There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches -- good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits," said gwerdna.
Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.
"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.
Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.
In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.
"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.… If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.
An Apple Australia spokeswoman said today it was unable to comment at this stage.
Completely amazing. As someone else said, this is a stunt, not a hack.
I think that "gwerdna" might actually be someone called Andrew G, what do you think?
No, as I pointed out on the other thread, that merely makes it into a local exploit, rather than a remote exploit. You should not be able to compromise the machine merely by logging in - the fact that you can do so means there is a hole somewhere.
Are you on Apple's payroll?
"The lady doth protest too much, methinks."
BTW, it's "latter". ;)
I forgot to add /opensourcegplnutcommiebigot_off at the end.
Ouch. Or should I say PWNED! I still think OS X is a slick OS though.
BWA HA HA HAAAAAAAAAA !
Lies, lies, more lies!
It's because it's superior dontchaknow...
OK how about prettier and gay... ?
Thanks for the "latter" You are the 3rd internet police-person I've met here today. Not too annoying.
I'm not on Apple's payroll. I just use them, and find it amazing how much vitriol is displayed towards this inconsequential platform from insecure PeeCeers.
Agreed. Even local users shouldn't be able to root a box, but I'm a heck of a lot more worried about remote exploits than local exploits, as I don't think I'm likely to be hacking myself while sleepwalking.
From what I understand, there are known local exploits for Windows that not only haven't been patched, they are not planned to ever be patched because it would take a re-write of some rather fundamental service-related code, and any fix would break tons of applications. I recall specifically one I read the details about involving notepad.
When one has internet facing boxes, it's really important to understand what you need and do not need to have running. Many exploits can be avoided merely by having a tightly configured firewall. I watch such applications as ssh and apache pretty closely, as a failure in either can be more dangerous than just about any other program I run.
Relaxe.
I have nothing particularly personal against Macs.
My brother-in-law uses his to burn my home movies to DVD and I cannot think of a better machine for the task.
I do, however, take particular "glee" from the relatively easy baiting of Mac-groupies. It really is too easy.
As far as "insecure" goes;
1. I'm incredibly confident that I can go to nearly any US corporation and be perfectly capable of using their systems without issue.
2. I am secure in my knowlege that my platform will get first crack at any new software and that I won't have to wait two years until the publishers get around to making a half-ass version for the Mac.
The transition to the Intel architecture must have sponsored at least a few dozen suicides by now ;)
Given physical access, anyone can root a box. So even local users can't/shouldn't have physical access.
"Physical access" means, of course, the presence of a removable-media drive, monitor, keyboard. A box without those is a lot harder to gain access to.
Quite so, but administrators of machines which others are intended to access - computer labs, libraries, even businesses deploying Macs for their employees - should be at least moderately concerned.
For saome, maybe. To me, not really. It's not the CPU that floats my boat, it's the OS that I prefer.
Is that you, Golden Eagle?
Absolutely. If I have physical access, there is nothing you can do to keep me out of any box, be it a PC, or mainframe.
These days, with the 'live' linux distributions, that is even easier than it used to be.
Yup. Threat models matter a lot to one's stance regarding administration and patching standards.
Well hell, no wonder people hacked his box. If he'd put up a decent firewall and then someone hacked it using an http or https exploit, then I might worry a little.
I remember some time, about 8 years ago, when Jobs held a huge conference (annual Apple convention?) to announce that Apple had secured an additional $100 million in financing.
I watched (on TV, live) as Jobs gestured to a large projection screen. When Bill Gates smiling face was broadcast onto that 40' screen, I SWEAR I could hear gasps, then gentle sobbing ;)
I'm still waiting for Final Cut Pro HD on the PC. A bunch of popular UNIX apps would be nice too.
I remember that. Gates made A LOT of money from that investment.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.