Thu 30 Dec. 2004

21C3: Mac OS X (In)security

Heads-up!

On the last day of 21C3 a student from Bonn named Angelo Laub gave a presentation detailing several vulnerabilites in OSX.

  • User rights escalation through System Preferences
  • Bad Installers and wrong Permissions
  • Clear Text Passwords in Swap File
  • Personal Filesharing Denial of Service
  • Mach Injection
  • Disguised Executables

He apparently notified Apple in October about the System Prefs vulnerability, to which they responded inadequately and now ask him not to go public and to wait for the next update!

Not good.

Anyhow, here are slides of the presentation: Practical Mac OS X Insecurity (PDF).

(thanks to Industrial Technology & Witchcraft)

Comments »

The URI to TrackBack this entry is: http://sennosen.blogsome.com/2004/12/30/21c3-mac-os-x-insecurity/trackback/

No comments yet.

RSS feed for comments on this post.

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>