Spiga

Breach In Security


HAS the Mac finally been hacked?

A computer security conference held in Vancouver, recently, uncovered a flaw that saw a hacker gain control of a MacBook Pro.

The security hole was discovered by New York security researcher Dino Dai Zovi, participating in a hacking challenge at the CanSecWest Applied Security Conference. $US10,000 and a MacBook Pro cash were up for grabs for anyone who could take over the MacBook Pro via a wireless connection.
Participants failed to hack the Mac on the first day, when it had no applications running. So organisers relaxed the rules and allowed them to attempt to exploit any security flaws they could find in Apple's Safari web browser.
Nine hours later one hacker succeeded, by emailing a link to a malicious website that enabled him to gain access to the MacBook Pro's administrator account and hence control the Mac.

While it was initially reported as a Mac flaw, it turned out to be a bug in Apple's QuickTime software that affects any web browser, Mac or Windows, that has Java enabled. The simple solution is to disable Java on one's browser, but a more permanent QuickTime patch from Apple should be forthcoming.
The hack created headlines because of the Mac's unblemished security record and Apple's boasts of Mac OS X having no viruses.

But while finding a flaw is one thing, exploiting it is another. The QuickTime vulnerability was just the latest in a line of "proofs of concept" of how a Mac might be taken over, not an actual real-world case. It was limited to a particular Mac in a particular situation, and there was no danger of Mac virus spreading across the internet.
Mac OS X remains virtually impregnable because, by default, applications cannot be installed without authentication by the user.
The CanSecWest challenge followed the "Month of Apple Bugs" earlier this year that aimed to showcase a Mac flaw every day for a month, and several proof-of-concept trojan horses that have relied more on users' gullibility than actual Mac security weaknesses.
There also was an alleged MacBook wireless hack that turned out to be a vulnerability in a third-party wi-fi card.

So while Mac users are yet to face a serious security threat while surfing the internet, they should not be complacent.
In addition to its regular operating system updates, Apple routinely releases security patches for all aspects of the system software, which you can download at www.apple.com/support/downloads, or via your Software Update utility.

0 comments: