Miller to reveal 20 Mac zero day exploits at CanSecWest
The celebrity hacker and one-time National Security Agency spook says he will arrive at the CanSecWest security conference loaded for bear, ready to expose a score of security holes in OS X, Apple software and third-party code, as well.
The H, a German security publication, reports that security expert Charlie Miller intends to disclose 20 zero-day Mac security holes at the upcoming CanSecWest security conference next week. The exploits cover a mish-mash of proprietary Apple software (Preview, mDNSResponder), open-source components (WebKit, libz, etc.) and third-party software (i.e. Flash — whoa, big surprise).
“They sell lots of computers and nobody doesn’t buy Apple computers because of a perceived lack of security. So in their minds, they don’t have a security problem until it affects their bottom line, which hasn’t been the case, yet,” said Miller, who refers to OS X as “safer, but less secure.”
Open like 7Eleven [and Adobe software]
Miller recently advised all computer users, Mac heads included, that one sure way to improve security is to not install Adobe’s Flash. Further, Adobe’s portable document format (.pdf) is also a known hacker attack vector.
And, what do you wanna bet the issue Miller discovered in Preview is Adobe .pdf related, hmm? Knowing Apple, it’s probably an issue everyone else has already patched…
What’s your take?
March 21st, 2010
To be honest, that kind of non-event based on sensationalistic declaration leaves me cold.
We will probably discover during the “demo” that, as it was previously the case, these “holes” are almost never exploitable in real life.
I don’t remember the name of that hacker who won that prize for being able to hack “so easily”, in his own words, one Mac OS X computer.
Alright, he did it.
Congratulations.
But the question is: why is there, to this day, ZERO known virus, worm or trojan or whatever is the name you stick on such a pain in the a.. … if this is “so easy”?
So, until we see ANY kind of malware in the wild, or we hear about “real” Macs being hacked by the hundreds … excuse me, but I allow myself to be VERY skeptical concerning the “exploitability” of these “holes” (even if they do exist, which I don’t deny, and SHOULD be fixed by Apple as soon as possible)
March 21st, 2010
Charlie Miller (a.k.a. Elmer FUD) is just feeding misinformation to Windows users who need to console themselves for all of the suffering they must contend with.
If Mac OS X is truly “less secure” than Windows, then logically there should be tens of thousands of viruses and malware for Mac OS X, based on the size of the Mac user base in comparison to the Windows user base. Since there are well over 200,000 forms of virus and malware for Windows, we should be seeing AT LEAST 20,000 forms of viruses and malware attacking the millions of Mac users.
The REALITY is that in the 10 years that Mac OS X has been in existence, there have been ZERO virus attacks on Macs. There have been a handful of Trojans… but that requires a Mac user to consciously install them (and most Mac users are intelligent enough not to be tricked into doing this).
Windows users have always believed these inane proclamations about the “insecurity” of Mac OS X, in the same way that “Flat Earthers” will believe that the world is NOT round, despite all the evidence to the contrary.
March 22nd, 2010
And why would you assume that Preview security faults are Adobe's fault? Do you have any idea of the provenance of the code, or the simple fact that it's based on a really old version of the PDF specification, rather than on the ISO 32000 standard? (http://www.iso.org/iso/catalogue_detail.htm?csnumber=51502)
Fear-mongering may feel impressive, but honestly, I prefer in-depth facts.
dave