With the release of the details behind last year's mysterious wireless driver OS X exploit we can finally see what was really going on. The exploit was real and Apple decided to suppress it with an NDA (and probably a nice crate of Apple goodies).
Disclaimer: I am a huge Mac/Apple zealot.
It is interesting that Apple NDA'ed their way out of what looks like a fairly standard BOF (Buffer Overflow)/Packet of Death situation. I mean, how many of these have MS, Sun, HP and the Linux world had to deal with? Usually with no notice at all. What this says to me is that Apple has no security response plan in place at all (other than to "lawyer up"). This reminds me of MS circa 1998: completely clueless about the security world, the response it should give and how timely it should be.
It also shows me that Apple will copy'n'paste code from the open source community (legally, it appears) and do little or no code audit on that code. Smells like when Cisco acquires a company and the next release is basically the last release with the acquired company's name replaced with Cisco's. This is somewhat troubling. I am a big supporter and user of Open Source software. Every server I have control over runs either Debian, Ubuntu or CentOS. However, you have to understand that while the kernel might have fairly tight controls to prevent BOF or other issues, the further away you get from the kernel the more crufty the code can become. Outside a few very well known projects (Apache, Firefox and MySQL come to mind) I would be hard pressed to include any code that was not given a fairly good security review in a commercial project I was in charge of. From the business perspective, Apple is smart to leverage the OS software movement in their OS. It can be smart from a security perspective as well, but you have to treat this code with a suspicious eye.
Lastly, the thing that really jumped out at me about this paper was the play-by-play given to finding, debugging, and exploiting the issue on the Mac platform. After I read it I felt the same way I did after reading "Smashing The Stack For Fun And Profit": that funny feeling that the world just changed. I knew that debugging Intel/PPC binaries on the Mac was a real pain. I spoke to a few people I know over at Apple and they walked me through it once. About five minutes in I glazed over. My limited experience with gdb told me I would never want to attempt to code an exploit using it to debug (not that I have the skills to code an exploit, or even code something that works
David Maynor clearly has the patience and skill to do it as well as a great ability to explain it. I hope I am wrong but I predict a rapid increase in the number of security issues found on OS X and that 2008 will bring the first mass exploitation on the platform.
I was growing comfortable being on a relatively obscure platform with a difficult to work with debugging environment. I often gave my friends a smug little "Get a Mac!" remark when they had to fight yet another spyware/virus invasion. I guess Karma is a real bitch.
I really hope I am wrong.
