There's yet more evidence that Macs are vulnerable to hacking: A new Mac OS X exploit was recently unveiled at the Black Hat security conference. And the hacker who wrote it says that once malware writers focus on the Mac, Macs will be at least as vulnerable as Windows-based PCs.
Dai Zovi, a Mac security expert and co-author of "The Mac Hacker's Handbook," revealed a flaw that that lets hackers take over a Mac OS X machine, and steal and read encrypted data, Reuters reports.
Daily Tech reports that it's a relatively simple exploit:
All the technique needs is access to the memory. A few lines of code will give the attacker access to the root memory, which is then written to establish a TCP connection, allowing the hacker to download malicious files and control the computer remotely. Mr. Zovi demonstrated how the attack can be used to hijack Apple's Safari browser, stealing encrypted data from a user's bank accounts.
I've written previously that Apple refuses to acknowledge that Macs are not thoroughly safe, and that the company does a worse job than Microsoft at closing security holes. This is just one more example.
Dovi warns that there's nothing inherent in Mac OS X that makes it safer than Windows, and even says that it's actually more fun writing malware for the Mac. The Daily Tech reports him saying:
"There is no magic fairy dust protecting Macs. Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun."
Plenty of people believe the reason the Mac is not bedeviled by malware is that its market share is dwarfed by that of Windows, and so it's not worth the effort to hack it. In fact, Reuters reports that some security researchers actually believe it is easier to write exploits for the Mac than Windows:
They said the Mac's operating system will be an easier nut to crack once hackers start to focus on it. That is because it has a lot more code in it than Windows, leaving room for more vulnerabilities and bugs that hackers can exploit.
And one researcher warns that because Mac users feel they are invulnerable, at some point, they may become easy targets. Reuters quotes Joel Yonts, Mac security expert, as saying:
"When the malware authors put out something that's really sophisticated we are going to have a whole population that is really vulnerable."