IT PRO: Blogs: Davey Winder: i Caramba!

Home

Davey Winder's Blog

i Caramba!

Posted in Uncategorized on November 25, 2006 at 2:01 pm

My Finnish friends at F-Secure have told me that their security research labs have taken delivery of a proof-of-concept sample for an AdWare application. Nothing particularly exciting or unusual about that, you might think, but if I tell you that it is an AdWare application that targets Mac OS X would you perhaps change your mind?

Bearing in mind, as a proof-of-concept code sample this is still in the realms of theoretical threat, there is no danger out in the wild. Yet. But given that it exploits a combination of the ease of use of a Mac and no Administrator rights in order to attach itself to your user account and then subsequently every application you use, that danger could be very real unless Apple do something drastic to fix the underlying weaknesses in OS X that allow a System Library to be installed without prompting the end user.

Sensibly, F-Secure are not revealing the precise methods used by the iAdware code, after all they are in the prevention not scare-mongering business (although it can often be a close call as far as security firms are concerned.) However, F-Secure did tell me that an Administrator could easily install iAdware globally for every user, as all it requires to do its stuff is Copy permissions. In their testing, the guys at the lab say the code sample managed to launch the Mac web browser client successfully for every application they used.

File under interesting rather than highly risky for now, but let it at least wipe the smug grin off the faces of the Apple Advocates who insist that their platform is impenetrable when it comes to such things. AdWare may not be a Windows based problem alone for very much longer…

Not yet rated

Loading ...

Previous Post | Next Post

Comments

This article has no comments yet.

Make a comment

Tag cloud

iPhone chips Nintendo surveys RATM work betting Psychic Geeks iPhone 3G VeriSign Top 500 encryption Twitter Game Big Brother exploit Kindle Eee Rant Steve Jobs carbon copy Energy tech memory graphics stupidity Space web ISPA games Education hacking Browser MessageLabs credit card fraud virtual world Rumour Europe McKinnon IP Recall acquisition The Federation library Digg Adobe data protection sick payment server Nexus services Tesco debian Linux IT Trousers help Project Music email Election Video Psion banks EU admin Advertising Funny NBC privacy Performance computing Health policy VM Ballmer outsourcing monetisation Apple botnet Google Earth data football second life ISP worker books ID Theft Dell hacker theft Spotify fool Review USA Licensing Marketing shopping eBook economics parental control e millions smartphone trust avatar iPad copyright hubdub desktop xmas Death Notebooks iPhone 3GS Digital Footprint hypervisor NASA Paris Hilton staffing GMail christmas mail Amazon Meh Blogging Obama home Hack MSNBC Michael Jackson Mars Parenting computers patch management news worm spam black hat Cisco YouTube Experiment symantec Patents Opinion workplace e-commerce malware Noro Android hoax Application Zango FBI CAPTCHA Kin scam Children Programming survey GSM Blog meme earth hour Battery Texting compromise China Press Texas Instruments law Browsers computer OCR Apps Kill Switch scareware Mafia Eee PC money Sony transactional security MiniBook Media information environment gadgets lawsuit world of warcraft InfoSec science Olympics crime Enterprise recession Kaspersky computing BOFH Palm Pre nightmare family Johnny Depp Data Centre Firefox MSN Acer office Harry Potter ROFL digitise Gadget Business Scotland global Windows Phone 7 Series Military students Developers productivity campaign adware President Internet banking politics virus Vista network credit crunch poll Google social networking spending Porn statistics stupid economy Jobs Conference PS3 console Windows Palm archiving ASUS Supercomputer Employment Army Mobile Phones Top 10 management disclosure OS wifi biometrics universe support museum Bill Gates Lotus migration Yahoo Backlash Russia Networks remote Microchip Internet Explorer teleworking dumb fun open source AMD innovation green patent gaming IBM App linkedin Trojan Study development Guardian technology standards Netbook Research phishing Deal payments Retail Analysis holidays Gateway hardware fake report School Government SSL mobile Microsoft printing VPN ecommerce broadband prison service XP search size App Store Jesus Phone BSI code Finjan man-in-the-middle Banned HPC Steve Ballmer IDC Gartner Architecture Facebook virtualisation snooping virtual machine DNS Madness security Intel Software Flash remote working fraud HP Voice iPod web 2.0 scan Sex SMS Web Development Windows 7 cloud storage Pirate RAM Addiction terrorism documentation Silverlight Beta Mobile Phone tax rootkits

Highest Rated Blog Posts

Why ecommerce fails (100%)
Google Chrome stands alone at PWN2OWN (100%)
Betting on Hubdub technology (100%)
Has Google gone insane as GMail goes back to beta? (100%)
Chinese whispers as government implicated in UK hack attacks (100%)
Crimeware toolkit targets 10,000 trusted sites (100%)
Black Hat risk to migrating VMs (100%)
Tough on cyber crime, tough on the causes of cyber crime (100%)
Firefox 3, Beta 4, Enhancements 900, Tested 5 (100%)
Has the US Army declared war on Windows 7? (100%)

i Caramba!

Tag cloud

Archives

Most commented posts

Highest Rated Blog Posts

Advertisement