New Mac OS X Denial of Service Vulnerabilities

FrSIRT has published information about a new denial of service vulnerability it has discovered in Mac OS X. As they say, “This issue is caused by errors in the “cs_validate_page()” function when processing return values of “hashes()”, which could be exploited by malicious users to panic a vulnerable system and create a denial of service condition via a specially crafted Mach-O binary.”

What this means is that a malicious user could basically overwhelm your Mac. Denial of service occurs when, for example, a computer receives too many requests on a network, and its processor becomes overloaded. While the term is most often used to talk about web sites - there have been cases when hundreds or even thousands of computers have been used to “attack” a specific web site, all sending requests at the same time, so the server cannot respond - this can also affect individual computers. However, the risk is very low that someone would bother to attack a given Mac, unless it is being used as a server.

At the same time, another denial of service vulnerability has been found: this “flaw is an integer overflow in the load_threadstack function in mach_loader.c when processing Mach-O binaries, which can lead to a kernel panic.”

Kernel panics are more troubling, as you lose all your work when this occurs. If you’ve never seen one, it looks like this:

When this occurs, you have to force-shut-down your Mac by pressing and holding the power button. It’s the worst type of crash, because you’ll lose any unsaved files.

Posted by Peter on December 14th, 2007 in Apple, Security | Permalink

Apple Patches QuickTime Streaming Flaw

As we reported here just over two weeks ago, Apple’s QuickTime, for both Mac OS X and Windows, had a flaw in its real-time streaming protocol (RTSP). This flaw was dangerous enough that some reports suggested that it was being used in the game Second Life to scam players. Apple today released a QuickTime update that patches this vulnerability, along with two others, one affecting QTL files, and another the way QuickTime deals with Flash media. Windows users can download this patch from the above URL, and Mac users can get it via the Software Update preference pane in System Preferences. This is an essential update, so do it immediately.

Posted by Peter on December 14th, 2007 in Apple, Security | Permalink

Will the iPhone be Hacker’s Delight?

There have been several security issues with the iPhone, in its short life, from this weakness which appeared shortly after its release, to this, this, and this security update for the device. In addition, there has been a lot of talk about how it could be attacked by hackers.

In a vague press release from a security analyst hoping to make a name for itself, suggestions are made that the “iPhone will become the victim of a serious attack in 2008.” This analyst suggests that “These assaults are likely to be in the form of drive by attacks – malware embedded into seemingly harmless information, images or other media that actually perform dangerous actions when rendered on the iPhone’s Web browser.”

Well, that’s like saying it will rain sometime next month, but we don’t know when or how much. However, one comment does make sense: “hackers will be enticed by the possibility of attacking Apple users and the opportunity to “be the first” to hack a new platform.” The iPhone is high-profile, it’s always on, and it has Internet access, all factors that could lead to attacks. In addition, phone users generally don’t worry about security - they don’t have firewalls or antivirus software installed, and in the case of the iPhone, there are no possibilities to install this sort of software.

Intego believes that there will be threats to the iPhone, and given the kinds of flaws that have affected Apple software recently (the RSPlug Trojan Horse and the QuickTime streaming flaw), it’s not clear which type of malware will be most effective, or most virulent. It is worth noting that there are ways of hijacking phones to make money - having them call expensive numbers that are not included in phone plans, for example; something that is harder to do on computers.

Intego is monitoring security issues on the iPhone, and will provide information whenever any threats appear that affect this device.

Posted by Peter on December 12th, 2007 in Security, iPhone | Permalink

Intego NetBarrier X4 Compared to Apple’s Leopard Firewall

Mac OS X 10.5 Leopard includes a firewall, which claims to “prevent unwanted connections from the Internet or other networks.” But a personal firewall should do more than just block connections by application, as the Leopard firewall does. The following is a comparison between Intego NetBarrier X4 and the Leopard firewall, showing why Intego NetBarrier X4 is far superior to Apple’s integrated solution.

  • NetBarrier works on Mac OS X Jaguar, Panther, Tiger and Leopard (10.2.8 or later). Apple’s firewall only runs on Leopard (though Mac OS X 10.4, Tiger, had a different kind of firewall, which was difficult to configure).
  • NetBarrier works on Mac computers with a PowerPC G3 processor or better, and is a Universal application, running native on PowerPC- or Intel-based Macs. Apple’s firewall only runs on Leopard-compatible Macs, which have G4 processors at 867 MHz or faster.
  • NetBarrier offers preset configurations for the most common network usages. Apple’s firewall offers no preset configurations, other than “off” and “allow only essential services.”
  • NetBarrier can have different settings for different locations, such as at home, at the office, or on the road. Apple’s firewall settings apply to all locations.
  • NetBarrier can block network traffic by source, destination, service, port and interface. Apple’s firewall only blocks traffic by application.
  • NetBarrier records detailed logs of all incoming and outgoing network traffic. Apple’s firewall offers only limited logging.
  • NetBarrier offers a powerful Antivandal feature to block a variety of network attacks, such as ping floods, port scans and intrusion attempts. Apple’s firewall has no such feature.
  • NetBarrier protects against Trojan horses and buffer overflow attacks. Apple’s firewall has no such feature.
  • NetBarrier has powerful anti-spyware protection to keep users safe from spyware, and to alert them about applications that “phone home.” Apple’s firewall has no such feature.
  • NetBarrier has a stop list, which blocks hostile computers, and a trusted group, which ensures that friendly computers never get blocked. Apple’s firewall has no such feature.
  • NetBarrier has a data filter, which lets users protect specific sensitive data, such as credit card numbers. Apple’s firewall has no such feature.
  • NetBarrier has a surf filter, which lets users control cookies, and a banner filter, which hides web ads. Apple’s firewall has no such feature.
  • NetBarrier has a cookie editor, which allows users to manage and edit cookies. Apple’s firewall has no such feature.
  • NetBarrier has powerful traffic monitoring tools. Apple’s firewall has no such feature.
  • NetBarrier includes a NetBarrier Monitor application, so users can monitor traffic when the NetBarrier program is not running, as well as a traffic monitor screen saver. Apple’s firewall has no such feature.
Posted by Peter on December 6th, 2007 in Intego Software | Permalink

Copyright © 2007-2008 Intego