The competition was over in a matter of hours after a hacker, who asked to be identified only as “Gwerdna,” gained access to the server in question and defaced the Web site with a message that read, “This sucks. Six hours later this poor little Mac was owned and this page got defaced.”
Gwerdna told ZDNet that it took him a mere 30 minutes or less to gain root control of the Mac. “It probably took about 20 or 30 minutes to get root on the box,” Gwerdna said. “Initially, I tried looking around the box for certain misconfigurations and other obvious things but then I decided to use some unpublished exploits — of which there are a lot for the Mac OS X.”
Taking Aim at Macs
Although Gwerdna said that the Mac Mini could have been protected more effectively, he also said that, even had the machine been configured for better security, it would not have stopped him because the vulnerability he exploited has yet to be published and Apple has not released a patch for it.
The winner of the hacking contest went on to say that there is a limitation on what hackers can do with unknown and unpublished vulnerabilities because there are countermeasures that systems administrators can employ to tighten security — even for unpublished software flaws.
Although Gwerdna said that Mac OS X contains unpatched vulnerabilities that would permit a hacker to infiltrate Apple’s operating system, he said that the relatively small number of Macs in use — in contrast to the vast number of PCs running Windows — is the reason more hackers do not try to exploit them.
“Mac OS X is easy pickings for bug finders,” he told ZDNet. “That said, it doesn’t have the market share to really interest most serious bug finders.”
Flawed Apples
News of this contest comes on the heels of Macs being hit by two viruses and a critical security flaw. Security experts called the Leap and Inqtana viruses relatively harmless because of their limited scope, but rated the security flaw in Apple’s Safari Web browser as critical.