July 11th, 2002, 07:01 PM
NEWS: Hacker Cracks Apple Downloads
courtesy of Blackcode.com--
According to the BugTraq mailing list, a hacker named Russell Harding has posted full instructions online for how to fool Apple's SoftwareUpdate feature to allowing a hacker to install a backdoor on any Mac running OS X.
The exploit takes advantage of SoftwareUpdate, Apple's software updating mechanism in OS X, which checks weekly for new updates from the company. According to Harding, who claims to have discovered the exploit, the feature downloads updates over the Web with no authentication and installs them on a system. So far, there are no patches available for this problem.
"Apple takes all security notifications seriously and is actively investigating this report," a company representative said.
Harding stressed that the exploit is a simple one if using several well-known techniques, including domain-name service (DNS) spoofing and DNS cache poisoning.
DNS spoofing is an attack where an individual seeks out a numerical IP (Internet Protocol) address (for example, 220.127.116.11) corresponding to a specific Internet address (for example, www.cnet.com), but an attacker's computer intercepts the request. The attacker then sends back a false IP address that corresponds to a hostile server.
DNS cache poisoning has similar results, but instead of intercepting a request for an IP address, the attacker uses a variety of techniques to replace the valid address in an official DNS server with an address pointing to the attacker's computer.
When SoftwareUpdate runs normally, a person's computer connects via HTTP to an Apple.com page and sends a simple request for an XML document containing the latest inventory of OS X software. The Apple.com site returns the document, which the person's computer then cross-checks against what it has installed.
After the check, OS X sends a list of software that needs to be updated to another page on Apple.com. If an update for the software is available, the SoftwareUpdate server responds with the location of the software, its size, and a brief description. If not, the server sends a blank page with the information, "No Updates."
On his Web site, Harding provides two programs that he says have been customized for carrying such an attack. One program listens for DNS queries for updates, and when it receives them replies with spoofed packets rerouting them to the attacker's computer.
The second program, which is downloaded onto a victim's Mac and masquerades as a security update, contains a copy of the encrypted communications program, Secure Shell.
Automatic updates of software--particularly operating system software--is a growing trend. Several Linux companies offer this feature for their distributions of the open-source operating system, and Microsoft recently launched a similar service called Microsoft Software Update Services.
--courtesy of blackcode.com--
July 11th, 2002, 07:07 PM
July 11th, 2002, 07:18 PM
Well, atleast it's not Unix's fault for this security flaw, authentication wouldn't hurt would it? I wonder if Apple thinks they're immune to secuirty flaws and hack attacks... or were they thinking?
Search First Ask Second. www.google.com
July 11th, 2002, 08:07 PM
Sounds like he just used the same tactics as the guys who spoofed Norton's Liveupdate service. DNS spoofing is not inherently a MAC problem, it's everybody's problem. That's why they should've implemented some typ of certificate system.... shame on MAC for not being smarter.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson