Mac Users BEWARE
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Mac Users BEWARE

  1. #1
    Senior Member wolfman1984's Avatar
    Join Date
    Aug 2007
    Location
    fangtastic.org
    Posts
    191

    Mac Users BEWARE

    To all the funky mac users out there (you know who you are...)

    *START SPOOKY MUSIC*

    Take hede and pay attention to this warning.....

    On last night past a wickedness was discovered in the form of a quicktime exploit. All OSx users should stay away from the Interweb or else suffer the concequences. You have been warned!

    */SPOOKY MUSIC*

    http://www.securityfocus.com/bid/21829/discuss
    http://www.milw0rm.com/exploits/4673
    http://www.milw0rm.com/exploits/4664
    http://www.milw0rm.com/exploits/4657
    http://www.milw0rm.com/exploits/4651
    I AM... THE WOLFMAN!!
    The Wolfman's Homepage: http://www.fangtastic.org
    Do you dig the Wolfman?? Sign his Ghoulbook or listen to him Howl

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Interesting, because it is actually an Apple Quicktime vulnerability rather than an OSX one. It works with Vista and XP as well.

    This is a trend that I have noticed over the past 18 months or so: more application rather than OS specific exploits. I guess it gets round the problem of writing cross-platform stuff, which is actually rather difficult.

    Another consideration is that if users are pretty bad at keeping their security software and operating systems up to date, they are even worse at updating their applications.

  3. #3
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    @wolfman1984

    Even if this was a Mac OS bug (which it isn't, as nihil pointed out), it's not like Mac users need to "duck and cover". It's not like Mac OS X has never had vulnerabilities before; it has.

    @nihil
    I am under the impression that, while it does work on Vista/XP, it doesn't work in IE 6/7. Source: http://it.slashdot.org/article.pl?si...51212&from=rss

    - X
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  4. #4
    Junior Member
    Join Date
    Dec 2007
    Posts
    12
    You would make a good IT manager, Make up figures and generally have no clue but it sounds good to those who dont know better.


    Quote Originally Posted by nihil
    Interesting, because it is actually an Apple Quicktime
    vulnerability rather than an OSX one. It works with Vista and XP as well.
    Wow, userspace exploits who would have thought of such a thing, why are you acting like this is some massive break through, there have been all kinds of vulns found in various media viewers, ranging from windows media player, winamp right down to a fairly wide spread tiff library(it lead to the ability to run homebrew code on the psp, and a heap overflow on the iphone, which is fantastic due to the non executable stack present on the iphone)

    Quote Originally Posted by nihil
    This is a trend that I have noticed over the past 18 months or so: more application rather than OS specific exploits. I guess it gets round the problem of writing cross-platform stuff, which is actually rather difficult.
    Did you just pull this 18 month number out of the air a quick browse of the usual suspects shows no such pattern? User space exploits especially buffer overflows are far more common than your kernel space exploits(who likes having to deal with different architectures let alone all the different memory locations for functions urgh) although you can have all types of fun with mapped memory and the kernel, however given there are far more applications than there are kernels you see far more application based exploits, simple statistics, whats more fun than over writing the return address in your stack on application with setuid(0)? If there has been an increase in anything in the last 18 months it has been sql/xss exploits, with the increasing popularity of ajax driven web pages, and the fact that any kid and his ' key can find sql injects, and php actually promoting poor programming, never before has a sql engine seen so much use of the UNION statement.


    Quote Originally Posted by nihil
    Another consideration is that if users are pretty bad at keeping their security software and operating systems up to date, they are even worse at updating their applications.
    Yes its almost as if someone should write a application to keep track of installed packages and update when necessary, this same system could also update the kernel, and patch any vulns, i should get on it, i cant think of a good name though, emerge? no apt? YUM? how apple apple software update? YAST but that sounds to much like an issue that females would suffer, perhaps i should just write all of them, that will sure start some arguments on the intrablag.

  5. #5
    Junior Member
    Join Date
    Dec 2007
    Posts
    12
    Quote Originally Posted by xierox
    @wolfman1984

    Even if this was a Mac OS bug (which it isn't, as nihil pointed out), it's not like Mac users need to "duck and cover". It's not like Mac OS X has never had vulnerabilities before; it has.

    @nihil
    I am under the impression that, while it does work on Vista/XP, it doesn't work in IE 6/7. Source: http://it.slashdot.org/article.pl?si...51212&from=rss

    - X
    While every OS has shared in the fun of exploits, this is one of the very few OSX remote code execution vuln's that has been released to the public, 0days are fun, and perhaps one of the first that is vuln straight out of the box, there was the TIFF one mentioned earlier, but that was only allowed to run in the context of the application using the library. So they should duck and cover its pretty serious, while most apple users dont run as admin by default(where as most windows xp users do) its still cause for serious concern.

    Now onto your other statment, its amazing how people jump all over IE security yet, here it is with one of its security methods stopping an overflow, when i have some time i plan to sit down with the shell code(reverse shell made easier by the fact they used the meta sploit lib) , but dont discount the shellcode perhaps they didnt find the ret codes for ie6 on xpsp1 it is specific,

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    ildjarn, whilst I appreciate that English might not be your primary language:

    You would make a good IT manager, Make up figures and generally have no clue but it sounds good to those who dont know better.
    At least you appreciate why you will never achieve managerial status in this profession

    Wow, userspace exploits who would have thought of such a thing, why are you acting like this is some massive break through,
    We are not................. if you read more carefully you would see that the comments were only that this is a more increasing trend.

    Did you just pull this 18 month number out of the air a quick browse of the usual suspects shows no such pattern?
    No, it is based on my personal observations and long term trend analyses. I do not base my opinions on "quick browses"............... I am way too old and far too experienced for that
    Last edited by nihil; December 1st, 2007 at 03:01 PM.

  7. #7
    Junior Member
    Join Date
    Dec 2007
    Posts
    12
    Quote Originally Posted by nihil
    ildjarn, whilst I appreciate that English might not be your primary language:


    At least you appreciate why you will never achieve managerial status in this profession
    You no nothing of me, yet you seem to speak with authority, just proves that authority is often un deserved.

    Quote Originally Posted by nihil
    We are not................. if you read more carefully you would see that the comments were only that this is a more increasing trend.
    It was careful reading that lead me to this observation.

    Quote Originally Posted by nihil
    No, it is based on my personal observations and long term trend analyses. I do not base my opinions on "quick browses"............... I am way too old and far too experienced for that
    i went through alot of bugtraq to see if i could spot this pattern, but no matter how far i go back, its all the same, alot of userspace vulns and a handful of vulns for any number of kernels, some very bland and no proof of concept was released so cant verify, but having seen some 0days that have come past my desk, it is highly likely that it worked. So im not sure where you are getting these <insert buzz words> from, but the only growth i see is webapp exploits, and everything is remaining fairly normal.

  8. #8
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Posts
    166
    Hmmm, is a good old fashioned flame war in the offing....
    Only trust Pipe-smoking Penguins.

  9. #9
    Senior Member wolfman1984's Avatar
    Join Date
    Aug 2007
    Location
    fangtastic.org
    Posts
    191
    Whoa Whoa Whoa! Let's all take a chill pill! The Wolfman is no longer fealing the love in this topic.

    The intention of this topic was to draw attention to OSx users the 0-day exploit that exists for Quicktime. Yes, I agree, the "sploit" affects Windows users, but let's face it, they live with unpatched vulnerabilities and exploits everyday, so nothing new for them.

    Now, ildjarn, my man! You need to take it down a few notches. Nihil has some valid points, as do you. Why the need to come on so strong?
    I AM... THE WOLFMAN!!
    The Wolfman's Homepage: http://www.fangtastic.org
    Do you dig the Wolfman?? Sign his Ghoulbook or listen to him Howl

  10. #10
    Junior Member
    Join Date
    Dec 2007
    Posts
    12
    Quote Originally Posted by wolfman1984
    Whoa Whoa Whoa! Let's all take a chill pill! The Wolfman is no longer fealing the love in this topic.

    The intention of this topic was to draw attention to OSx users the 0-day exploit that exists for Quicktime. Yes, I agree, the "sploit" affects Windows users, but let's face it, they live with unpatched vulnerabilities and exploits everyday, so nothing new for them.

    Now, ildjarn, my man! You need to take it down a few notches. Nihil has some valid points, as do you. Why the need to come on so strong?
    Because he talks like he has some authority on the subject, so people might feel obligated to belive him,yet despite what you said he had no valid points, just trying to stop the perpetuation of false information.

Similar Threads

  1. Win2K Users Beware
    By Egaladeist in forum Security News
    Replies: 0
    Last Post: October 12th, 2005, 08:53 PM
  2. Securing 2000 Pro
    By akachuckie in forum The Security Tutorials Forum
    Replies: 8
    Last Post: February 24th, 2005, 01:47 AM
  3. Silent Guardian Or Topic Of Conversation?
    By JP in forum Site Feedback/Questions/Suggestions
    Replies: 23
    Last Post: October 20th, 2004, 08:24 PM
  4. Spyware/Maleware User Agreements
    By moxnix in forum Spyware / Adware
    Replies: 7
    Last Post: July 8th, 2004, 02:42 PM
  5. Newbies, list of many words definitions.
    By -DaRK-RaiDeR- in forum Newbie Security Questions
    Replies: 9
    Last Post: December 14th, 2002, 08:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •