Feeds

Mac and Linux Bastilles assaulted by new attacks

No one here gets out alive

Beginner's guide to SSL certificates

A set of recently discovered security holes in Mac and Linux platforms reminds those over-confident in their superior protection that no one is immune to vulnerabilities.

H Security reports on a series of actively exploited vulnerabilities in Apple's Mac OS X operating system that remain unpatched. A vulnerability in mounting malformed HFS disk images creates a privilege elevation risk, allowing regular users to obtain root privileges.

Other exploits involving kernel system vulnerabilities create a means for hackers to crash vulnerable systems. Lastly, another unpatched flaw in AppleTalk poses a system crash (though not code injection) risk.

The flaws were first demonstrated at the CanSecWest security conference last month but remain unpatched, H Security adds.

Separately security researchers have unearthed a potential method for dropping rootkits onto vulnerable Linux systems. Anthony Lineberry, senior software engineer for Flexilis, is due to demonstrate how to hack into the Linux kernel by exploiting the driver interface to reach into physically addressable memory. At a session during the BlackHat security conference in Amsterdam on Thursday afternoon. The attack represents a new spin on a well understood class of risk, Dark Reading adds.

Properly carried out, the attack approach allows malicious processes to be hidden, hijacked system calls, and remote backdoors onto compromised machines to be established without creating much in the way of clues that an attack is taking place. Ahead of Lineberry's presentation, entitled Alice in User-Land: Hijacking the Linux Kernel via /dev/mem, the security researcher has published a paper on the attack here (pdf). ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.