Security researcher Dino Dai Zovi sent a shudder through the Macintosh community late last week when he successfully hacked the Mac with an exploit that he sent to a friend attending the CanSecWest security conference. By gaining shell access to a Mac by pointing the Safari Web browser at a specially constructed web page, Dai Zovi won a $10,000 prize from 3Com’s Tipping Point division — and took a lot of Mac users by surprise.
But if the news of a hacked Mac was alarming in some quarters, security experts say they aren’t the least bit dismayed.
“Literally any piece of code is going to have vulnerabilities and the Mac is no exception,” said Ray Wagner, Gartner’s managing vice president in the secure business enablement group.
Thomas Kristensen, chief technology officer of security-research firm Secunia, agreed. “Mac systems are as vulnerable as most other operating systems, so anyone with reasonable skills should be able to compromise them,” he said.
Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.
“If a hacker turned their attention to the Mac, it would suffer just as much as Windows,” Wagner said. “Attacking the 95 percent of the market gets them more attention.”
According to research Wagner did in the last year, an operating system would need to hit the 20 to 30 percent penetration level before it really becomes a target for hackers. This is the point where hackers will feel it is worth the time to exploit a vulnerability.
However, in light of last week’s proof-of-concept exploit, Mac users shouldn’t worry that hackers are going to start flooding the market. “Just because there has proven to be a hack, that doesn’t mean there will be all kinds of hackers showing up all of a sudden,” Wagner said.
Dino Dai Zovi, the man who found the exploit, hopes for a safer operating system for all Mac users. “I hope the increased visibility due to the publicity surrounding this incident causes more people to search for and responsibly report vulnerabilities in the Mac to help make it a safer platform for everyone,” he said.
Dai Zovi said he came up with the hack in about nine hours from the time he got the call from his friend Shane Macaulay, who was attending the CanSecWest conference.
“In this case, breaking into the Mac was not especially difficult,” Dai Zovi said. “I got lucky and stumbled across a reliably exploitable vulnerability rather quickly. In many other times in the past, I have spent much longer looking without finding anything. It often comes down to luck and an intuition for where software weaknesses may lie.”
A Mac user since the release of Mac OS X, Dai Zovi has discovered local and remote vulnerabilities affecting Windows, Mac OS X, and Unix operating systems. While modern Unix-based systems like Linux and FreeBSD present the most difficulty for hacking, he praised Apple and Microsoft for the security improvements both companies have made.
“Microsoft has made great strides in improving the security of their codebase and implementing proactive security defenses to make vulnerability exploitation more difficult,” Dai Zovi said. “Apple has made some sound design decisions in Mac OS X, such as minimizing the number of default open network services, using non-executable writable memory segments and employing a well designed administrative user authorization system, that are also good security measures.”
Dai Zovi said he is not currently working on any new Mac hacks, but he may start work on some new ones when he has some more time.