>>It was another grim day for internet security

I would call that a great day. Scary, but it's always better to have the good guys find the exploits first. Now only if vendors can fix them.

its really no suprise, if someone is determined enough any platfrom will fall no matter how secure it is touted to be.

this is awesome

The iPhone's code signing mechanism requires code loaded into memory to carry a valid digital signature before it can be executed. To get around it, the researchers used a technique known as return-oriented programming, which takes pieces of valid code and rearranges them to form the malicious payload.

hadn't heard of that before, mind blowing concept, great article. I like the fella arriving at the conf with 20 working hacks for safari. It sounds like Apple got it the worst.

What a lot of people don't realize is these people work on such things as full time jobs. Also, some of these cracks are carried over from years past. For example, the guy who won that you all heard about cracked Safari(?) in 2 minutes or something, he used a crack he discovered the year before. That's the only reason he was able to accomplish it so fast.

Yes it is scary that this can be done so easily but keep in mind they were able to do it only by clicking a link to a site with the malicious code.

With link checkers and emails blocking links, and people becoming more aware of bad links, it is harder and harder to get people to click a bad link, but obviously it happens.

Safari on a mac goes down the quickest every year.

Like I said, it is neither easy nor as quick as it seems.

It sounds like Apple got it the worst

The real reason people around me switched to Apple was the safety from viruses.

When that goes (not if, but when), Apple will become just another M$.

This is why I run NoScript and RequestPolicy (in Firefox), even though it clearly upsets webmasters who rely on advertising, as discussed in this WW thread:

[webmasterworld.com...]

The fact is, browsers are overloaded with hooks and functionality that is of no use most of the time, but which is begging to be abused by crackers.

I don't run the anti-functionality software to banish ads. (I don't even see the ads anymore.) I run it to make it that little bit harder for black hats to crack my system.

When that goes (not if, but when), Apple will become just another M$.

You presume too much.

The real reason people around me switched to Apple was the safety from viruses.

When that goes (not if, but when), Apple will become just another M$.

Macs are just as vulnerable as Windows PCs, it only seems like Windows is more vulnerable because most exploits on the web are written for windows systems... The reason for this is the market share of people online using windows.

If you are a hacker and you are writing an exploit would you write it for 20% of web surfers or would you write it for 70% of web surfers?

Obviously the intent of an exploit is to infect as many machines as possible so it only makes sense that you would target the largest group.

If Apple enjoyed the same market share as Windows they would endure the same amount of exploits targeting them.

If Apple enjoyed the same market share as Windows they would endure the same amount of exploits targeting them.

According to the book "The Success of Open Source" written by Stanford and published by Harvard, that's not true.

In any case, the presumption is that the underlying operating system is equally vulnerable which is definitely not true.

And since IE is the most used browser on Windows and also the most vulnerable, this also detracts from that statement.

The real reason people around me switched to Apple was the safety from viruses.

When that goes (not if, but when), Apple will become just another M$.

the only safety you have from viruses is the lack of time going into the small marketing share OS. So its a false sense of security. Just like we see here, safari isn't actually more secure.

And the amount of time that goes into breaking into windows and viruses MS is actually doing a pretty good job if keeping its OS secure.

It makes me laugh to here people say they switched from windows to mac cause of viruses. Use comment sense and protection and you don't have an issue with viruses.

Use comment sense and protection and you don't have an issue with viruses.

I think I see a problem.

@J_RaD,
I've got the perfect graph for you but this board doesn't allow links. It would make you do a quick 180 on that thought.

If the Mac was not vulnerable why would the major virus protection companies write software for the Mac? From a dev company point of view those r&d resources could be better expended elsewhere than creating software for a "non-vulnerable" OS.

Malware is written for the installed market...and at this time that is PC. There are Mac virii out there, and more coming each day... because the malware authors have realized that Mac fanbois have more money and less exposure to their tricks simply because those users aren't used to them... yet!

because the malware authors have realized that Mac fanbois have more money and less exposure to their tricks simply because those users aren't used to them

yap. apple fanboys are a quite homogenous audience. so it makes complete sense to choose them as target group..

The real reason people around me switched to Apple was the safety from viruses.

..plus they seem to be a bit naive and not resistant against malware and viruses because of lack of contact. that could compromise much more systems relatively to the pc world.

Obviously the intent of an exploit is to infect as many machines as possible so it only makes sense that you would target the largest group.

no more. think about the possibilities and the bigger fallout percentage.

That is some scary hacking going on:

The iPhone's code signing mechanism requires code loaded into memory to carry a valid digital signature before it can be executed. To get around it, the researchers used a technique known as return-oriented programming, which takes pieces of valid code and rearranges them to form the malicious payload.

As a result, the hackers were able to create a website that when visited by the Apple smartphone forced it to spill a copy of its SMS database. The file includes a list of contacts as well as complete copies of messages that have been sent and received.

As the hacking contest shows us every year, web facing applications are continuing to be a challenge. Amazing to me that just visiting a website can cause that kind of a data spill!

I recently acquired my first virus in ten years by visiting a maliciously hacked site with a PC version of Opera AND up-to-date anti-virus software. No doubt about it, web facing applications have a tough life.

The article referenced in the OP spoke of web facing applications, not the underlying OS. I'm wondering how secure linux browser versions are. There is a linux Firefox version... perhaps it suffers from the same exploits as the Win and Mac versions.

PC is beginning to work diligently to prevent malware success... Mac is (whether most know it or not) gearing up. Adobe finally woke up to exploits of their web apps... will linux be far behind?

We know the bad guys aren't going to quit. They just migrate to where they have less resistance.

succumbing to exploits that allowed them to be remotely commandeered

That's a joke and a half. Being remotely commandeered is a design feature built in for company and government benefit, you can't blame the hacker for running into some of these back doors.