Current Macintosh OS X vulnerabilities or exploits?
February 3, 2008 3:36 PM
What is the current state of the art in Macintosh OS X vulnerabilities, exploits and other remote security issues?
I'm a recent convert to OS X, and I'm fairly familiar with Unix/Linux/BSD - however, my primary work and IT experience is with Windows.
As such, I like to stay informed of these issues - and I also like experimenting with my own machines - and I like to feel more secure about the machines I use by knowing what is and isn't possible.
What's new? What should I be aware of as an IT consultant and support tech? What can I experiment with at home?
I'm particularly interested in buffer overflow exploits, pings-o-death and other remote DoS or TCP/IP stack attacks.
If users turn on (largely open-source) services in OS X, this can sometimes open up the workstation to attack. http://milw0rm.com/ and http://www.rootsecure.net/ have lots of script kiddie stuff. There are lots of other sites. But on the whole, out of the box, OS X is pretty secure for a consumer OS.
posted by Blazecock Pileon at 8:15 PM on February 3, 2008
it's pretty darn secure compared to a real modern OS.
compared to windows, it's like the difference between a bank vault and a soggy cardboard cigar box.
posted by KenManiac at 9:26 PM on February 3, 2008 [1 favorite]
Best answer: The NSA has a 171-page guide on hardening OS X. The tips are summarized in this article.
posted by sharkfu at 11:50 PM on February 3, 2008 [1 favorite]
There aren't tons of known unpatched vulnerabilities, and most of those are local vulnerabilities, not remote. That's good. As far as the non-Apple software that ships with Mac OS X (Apache, PHP, etc.), you have basically a similar state as other major Unix variants.
There may be a DNS hijack trojan in the wild that pretends to be a QuickTime codec:
http://arstechnica.com/news.ars/post/20071101-rsplug-a-mac-os-x-trojan-a-new-threat-but-the-sky-is-not-falling.html
Low-threat, not based on a vulnerability in the system. Overall, the state of Mac OS X is pretty good. Browse the Secunia database for Apple if you're really interested in knowing more.
posted by secret about box at 4:08 PM on February 3, 2008