Posts Tagged ‘Mac OS X’

Mac OS X Has More Vulnerabilities Than XP and Vista

Larry Dignan at ZDnet has posted a comparison of the numbers of vulnerabilities between Mac OS X and Windows, both XP and Vista, and while the numbers look like Microsoft has a big lead on security, it certainly does not mean that. It just says that Mac OS X has 5 times the flaws of XP and Vista every month in 2007.

Windows XP, Vista, and Mac OS X vulnerability stats for 2007
XP Vista XP + Vista Mac OS X
Total extremely critical 3 1 4 0
Total highly critical 19 12 23 234
Total moderately critical 2 1 3 2
Total less critical 3 1 4 7
Total flaws 34 20 44 243
Average flaws per month 2.83 1.67 3.67 20.25

Source: Mac versus Windows vulnerability stats for 2007

Now, before everyone does the Mac versus PC thing, this is just a comparison of the vulnerabilities and in no way does it say that Windows is more secure, now, if they did a comparison of the actual number of exploits taking advantage of the same vulnerabilities, I am sure the number would be severely tilted to Microsoft as they have the larger installed base. Plus, after reading some of the comments, it doesn’t take into account how many of these are actually from Apple for their software, as they distribute patches for the software that comes with their OS as well, lots of it being open source.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - December 18, 2007 at 7:46 pm

Categories: Apple, Microsoft News, Windows Vista, Windows XP   Tags: , , ,

The MacLockPick, Live Forensics for Your Mac

This is one cool little USB drive, and I am currently looking for a Windows version, drop a comment if you know of one. The MacLockPick is a USB device that will allow you to perform live computer forensics on a suspects Mac OS X system, once the software is run, the drive will extract data from the Apple Keychain and system settings to give the examiner fast access to the suspect’s critical information with as little interaction or trace as possible.

MacLockPick, live computer forensics for Mac OS X

MacLockPick takes advantage of the fact that the default state of the Apple Keychain is open, even if the system has been put to sleep. It also makes use of the openly readable settings files used to keep track of your suspect’s contacts, activities and history. These data sources even include items that your suspect may have previously deleted or has migrated from previous Mac OS X computers. Source: MacLockPick, live forensics for OS X via MacUser

Here is some of the data you will have after the software runs:
System passwords.
General passwords.
Internet passwords.
Appleshare passwords.
Folder dates.
Disk images.
Files that have been viewed in the preview program.
Recent QuickTime file names.
Recent Applications, Documents, and Servers.
IM default login and buddy list.
Email account details, address book and opened attachments.
Complete web history, including search strings in the Google toolbar, cached bookmarks, current bookmarks, cookies, and browsing history, including the number of times visited and the date and time of the most recent visit!
Serial numbers of attached iPods.
Bluetooth devices.
Wifi connections.
Network interfaces.

Unfortunately, this device if for law enforcement only, you must provide proof that you are a licensed law enforcement professional and that the use of this technology is legal on federal, state and local levels.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - April 27, 2007 at 2:43 pm

Categories: Apple, Computer Forensics   Tags: , , ,

QuickTime 7 Vulnerability

the Month of Apple Bugs website posted their first vulnerability for this month, and it affects Windows as well, BAM!! KAPOW!! The double whammy. I’m sure the message boards will be heated up, my OS is better than your OS, can’t we all just get along?

The following description of the software is provided by vendor (Apple):

QuickTime 7 makes the future of video crystal clear with new features including user-friendly controls and pristine H.264 video. Upgrade to QuickTime 7 Pro and capture your own movies, then share them with friends and family via email or .Mac.

A vulnerability exists in the handling of the rtsp:// URL handler. By supplying a specially crafted string (rtsp:// [random] + colon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, JavaScript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition. Source: the Month of Apple Bugs

From Cnet, QuickTime zero-day bug threatens Macs, PCs,

“The risk is having your system compromised by a remote attacker, who can perform any operation under privileges of your user account,” said LMH, the alias of one of the two security researchers behind the Month of the Apple Bugs. “It can be triggered via JavaScript, Flash, common links, QTL files and any other method that starts QuickTime.”

The vulnerability affects QuickTime 7.1.3, the latest version of the media player software released in September, on both Apple Mac OS X and Microsoft Windows, according to the Month of the Apple Bugs advisory. Previous versions could also be vulnerable, according to the advisory.

Security-monitoring companies Secunia and the French Security Incidence Response Team, or FrSIRT, rate the QuickTime flaw as “highly critical” and “critical,” respectively. Source: News.com

As usual, this will be more dangerous to Windows users, as most users run under administrator accounts, Apple has not released any info on when a patch could be released.

They released the second vulnerability today, they are promising one a day,

A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC.

This issue has been successfully exploited in VLC version 0.8.6 for Mac OS X. Previous versions and other platforms might be affected (thanks to David Maynor for confirming the issue in the Microsoft Windows version). Source: VLC Media Player udp:// Format String Vulnerability

The poster with the handle LMH and independent researcher Kevin Finisterre say a positive side effect will, probably, be a more concerned user base and better practices from Apple management. Makes for interesting reading at least, although this QuickTime vulnerability could affect a large percentage of the internet, especially Windows users.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - January 3, 2007 at 5:00 am

Categories: Apple, Security, Windows XP   Tags: , , , ,