Mac and Linux assaulted by new attacks

Gary · Apr 16, 2009, 22:52:08

"A set of recently discovered security holes in Mac and Linux platforms reminds those over-confident in their superior protection that no one is immune to vulnerabilities.

H Security reports on a series of actively exploited vulnerabilities in Apple's Mac OS X operating system that remain unpatched. A vulnerability in mounting malformed HFS disk images creates a privilege elevation risk, allowing regular users to obtain root privileges"

Other exploits involving kernel system vulnerabilities create a means for hackers to crash vulnerable systems. Lastly, another unpatched flaw in AppleTalk poses a system crash (though not code injection) risk.

The flaws were first demonstrated at the CanSecWest security conference last month but remain unpatched, H Security adds.

Seems right now no one is safe

I guess when times are hard people will be looking even deeper for holes to exploit, what happened to the internet as a great way tool for communicating and learning, its turning into a minefield even for the safest of OS's now, and slow patching which used to just be Microsoft's forte seems to be effecting everyone now a little more. Full Story here http://www.theregister.co.uk/2009/04/16/alternative_os_flaws/

Rik · Apr 17, 2009, 00:23:43

It was inevitable, Gary. In many ways, with so many servers running Linux/Unix, I'm surprised there are not more attacks.

Ted · Apr 17, 2009, 11:59:15

It would appear that these vulnerabilities are not exactly new, or remotely exploitable. You would need physical access to the machine to cause any problems.

I really must stop mounting unknown, malformed HFS disk images!

Rik · Apr 17, 2009, 12:09:09

Why deny yourself the fun, Ted?

Sebby · Apr 17, 2009, 12:33:31

Quote from: Ted on Apr 17, 2009, 11:59:15
I really must stop mounting unknown, malformed HFS disk images!

Spoil sport.

Gary · Apr 17, 2009, 20:54:48

Quote from: Rik on Apr 17, 2009, 00:23:43
It was inevitable, Gary. In many ways, with so many servers running Linux/Unix, I'm surprised there are not more attacks.

Routers running linux based software have been taking a bash recently as well, people leaving default passwords get their route were getting hacked, do people really do that

Gary · Apr 17, 2009, 20:58:13

Quote from: Ted on Apr 17, 2009, 11:59:15
It would appear that these vulnerabilities are not exactly new, or remotely exploitable. You would need physical access to the machine to cause any problems.

I really must stop mounting unknown, malformed HFS disk images!

I think the point is Ted people are getting to comfy operating Linux based distros and Macs, in the current economical climate more and more attacks will be aimed at them as e are all fair game, and I guess more holes will show as no OS is hacker proof, and people forget that.

greenfedora · Apr 17, 2009, 22:31:54

Quote from: Gary on Apr 17, 2009, 20:54:48
Routers running linux based software have been taking a bash recently as well, people leaving default passwords get their route were getting hacked, do people really do that

They do. Being known as a computer techie, I was invited into the office of my local shop the other day to figure out why they couldn't connect to the internet. I noticed he simply looked up the default password to log me in to his router. I suggested he change it.

Incidentally they couldn't log on because the bill hadn't been paid!

Rik · Apr 18, 2009, 09:25:58

Quote from: greenfedora on Apr 17, 2009, 22:31:54
Incidentally they couldn't log on because the bill hadn't been paid!

Occam's Razor.