Two related security issues for Apple products Mac OS X (Leopard) and iPhone were raised recently.
In this year's Black Hat Briefings conference, a security researcher claims that Mac OS X is easy to hack. The researcher highlighted three options in hacking into OS X:
1. Elevation of user privilege using suid: OS X has more than 50 suid root applications. That means 50-plus vectors of attack.
2. Safari: When opened, the browser also opens several programs, and any flaw in any of the said apps can be exploited over the Web.
3. Open source components: it seems that OS X 10.4.10 contains open source components that are out of date, and as such, are candidates for bug exploitation.
And iPhone being a Mac machine in the micro level, vectors number two and three mentioned earlier are also present on the iPhone. Apple had released patch 1.0.1 for the iPhone July 31, and a vulnerability was included in the said patch, courtesy of an outdated open source component (PCRE).
Security experts always tell users to patch systems and apps when patches are released. I guess it is time they tell Apple to do the same.
(Crossposted from here.)
No comments:
Post a Comment