Every once in a while while talking to folks about computer security I am told that I should switch to Mac’s because they don’t have security issues or viruses. I find that very amusing and I think the following comic sums up the ‘apple fanboi’ thinking quite succinctly:
Even though it is funny, unfortunately a whole lot of folks still believe in the Myth that Apple computers/devices are secure/don’t get viruses. Now, don’t get me wrong, there are a lot of good points for the Mac OS and they just work for some people. I am not one of them but that doesn’t mean that I ‘hate’ Mac OS or Windows for that matter. I like Linux, others don’t. That is their choice and this is my choice. This post is to talk about computer security and high light some of the major flaws that have hit Apple computers over the past few months:
Firmware Boot kit: Thunderbird
This was discovered by Trammell Hudson back in Jan 2015. It allows a user to quietly, persistently and virally compromise Apple Macs from boot. Since the code is stored in the firmware it is very difficult to detect and remove. It works against all Macbooks released since 2011. Apple has released a fix but it is hard to ensure that your computer isn’t already infected before applying the patch.
Details are at: Thunderstrike shocks OS X with firmware bootkit.
Shellshock: Mac’s are vulnerable
Shellshock allowed attacker’s to insert malicious pieces of code from a remote location and get full system control of a victim’s machine. The scary part of the story wasn’t that Apple computers were vulnerable (plenty of systems were), it was the fact that Apple refused to acknowledge the issue and took over 15 days to release a patch for the problem, even though it was being actively exploited in the wild. Their justification was that “The vast majority of OS X users are not at risk to recently reported bash vulnerabilities… With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services”.
So basically if you don’t use your computer to do anything other than the default configuration you are good. (for the most part) Those of us who use Mac’s to actually code or develop stuff are not a priority for Apple.
- Apple says most Mac users are safe from ‘Shellshock’
- Apple’s OS X Bash Update 1.0 Patches Shellshock Vulnerability
Bypassing OS X Security (Gatekeeper & xProtect)
Patrick Wardle, director of research at Synack spoke at the RSA conference a few days ago about OS X security and as per him getting around the restrictions put in by the OS X Security tools is trivial.
“Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper,”
More details on the issue are at: Researcher Discloses Methods For Bypassing All OS X Security Protections
iOS WiFi Bug Allows Remote Reboot of All Devices In Area
This one is my favorite. It allows an attacker to cause all iOS devices (iPhones/iPads) in a particular area to Crash and/or reboot. It involves setting up a rogue wireless access point (WiFi hotspot) and manipulating the traffic to it to cause all apps and iOS devices in range to crash. The best part is that there is no fix for it. The only way to resolve the issue is to move out of range of the Access Point. Even putting your phone in Airplane mode doesn’t work. Which is scary on it’s own because that means that even when you are in Airplane mode the phone is still transmitting/receiving data from wireless networks.
Since there is no fix for it yet, the researchers have not released a lot of details on the exploit but once Apple releases a fix they will give more details it. Then I can just imagine someone setting up one of these using a Raspberry Pi at a conference hidden under a table causing a whole bunch of people a whole lot of pain/annoyance.
Additional details of the issue are at: Evil Wi-Fi kills iPhones, iPods in range
There are a whole lot more where these came from. So the moral of the story is that there is no system that is 100% secure. If you want to stay safe, follow best practices, update frequently and pray.