Original URL: http://www.theregister.co.uk/2009/04/16/alternative_os_flaws/

Mac and Linux Bastilles assaulted by new attacks

No one here gets out alive

By John Leyden

Posted in Security, 16th April 2009 12:19 GMT

A set of recently discovered security holes in Mac and Linux platforms reminds those over-confident in their superior protection that no one is immune to vulnerabilities.

H Security reports on a series of actively exploited vulnerabilities in Apple's Mac OS X operating system that remain unpatched. A vulnerability in mounting malformed HFS disk images creates a privilege elevation risk, allowing regular users to obtain root privileges.

Other exploits involving kernel system vulnerabilities create a means for hackers to crash vulnerable systems. Lastly, another unpatched flaw in AppleTalk poses a system crash (though not code injection) risk.

The flaws were first demonstrated at the CanSecWest security conference last month but remain unpatched, H Security adds.

Separately security researchers have unearthed a potential method for dropping rootkits onto vulnerable Linux systems. Anthony Lineberry, senior software engineer for Flexilis, is due to demonstrate how to hack into the Linux kernel by exploiting the driver interface to reach into physically addressable memory. At a session during the BlackHat security conference in Amsterdam on Thursday afternoon. The attack represents a new spin on a well understood class of risk, Dark Reading adds.

Properly carried out, the attack approach allows malicious processes to be hidden, hijacked system calls, and remote backdoors onto compromised machines to be established without creating much in the way of clues that an attack is taking place. Ahead of Lineberry's presentation, entitled Alice in User-Land: Hijacking the Linux Kernel via /dev/mem, the security researcher has published a paper on the attack here (pdf). ®