'Month of Kernel Bugs' Ends, First Adware for Mac OS X?

Last month's Month of Kernel Bugs (MOKB) has concluded, and a total of 10 Mac OS X vulnerabilities has been found. The vulnerabilities were wide-ranging, from a wireless driver exploit to a system call, multiple disk image vulnerabilities, and most recently an AppleTalk vulnerability (among others). Apple patched the first wireless driver exploit along with other unrelated vulnerabilities this week, however all remaining MOKB vulnerabilities remain un-patched.

Interview
MOKB organizer "LMH" spoke to MacRumors about the project. According to LMH, most of the project's time was spent on Linux and the Mac OS, both of which were described as "not hard" to break.

The Linux kernel takes little time to break. I'm more familiar with the code and thus it also takes less time to isolate issues. OS X kernel (XNU) takes less time but depending on the area you're checking, debugging and isolation may require a bit more time (if you take into account that AppleTalk source code is almost unreadable and totally deprecated) [...] I didn't have much time left for working on Microsoft Windows but I've received the most helpful feedback from the MSRC people on potentially interesting stuff to check. Not a huge reference of internal code nor NDA covered documents, but at least enough to start with.

In LMH's point of view, the state of Mac OS X security is not great.

From the technical perspective, OS X security is rather poor, at least when it comes to kernel-land code. This isn't a sign of negligence of Apple, but obviously when you take code from many different places and stick it together, it's prone to problems. Not just new ones but also old issues that 'went under the radar'. [...] (ed note: now comparing MS to Apple) I can say that Microsoft has a more thorough auditing process and investment when it comes to kernel code than Apple. They also have the advantage of having such code being produced within the company. Mac OS X kernel, for example, depends heavily on FreeBSD development. A security flaw in the FreeBSD kernel will likely affect OS X and probably other BSD "flavours"

However, just because LMH is a bit critical of Mac OS X's security, don't call him an Apple-hater.

Taking security arguments apart, I have to say that Mac OS X is a pretty well integrated system. It's tightly packaged [...] and nice looking. I'm an OS X user myself and I certainly feel like Apple has invested long time on tweaking the little details. Now they just have to invest a little more on security matters, but not hiring a 'turnover security firm' to do the consulting that leaves the job half done. That's what failed, IMHO.

First Adware for Mac OS X?
In related news, F-Secure claims to have received what is possibly the first ever proof-of-concept Adware program for Mac OS X. The program, dubbed iAdware, will launch Safari to specified web pages when the user used any number of applications, and installation of the adware did not require admin privileges.

Popular Stories

maxresdefault

Can't Get an iPhone 14 Pro? Here's Why You Should Wait for the iPhone 15 Ultra

Monday December 5, 2022 11:44 am PST by
Due to production issues at Apple supplier factories in China, the iPhone 14 Pro and iPhone 14 Pro Max are backordered and basically out of stock at every store. If you were planning to gift or receive an iPhone 14 Pro model for the holidays and didn't already get one, you're basically out of luck because they're gone until late December. Subscribe to the MacRumors YouTube channel for more ...
Apple advanced security Advanced Data Protection screen Feature

FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users

Thursday December 8, 2022 2:45 am PST by
Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy. iCloud end-to-end encryption, or what Apple calls "Advanced Data Protection,"...
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Thursday December 1, 2022 8:44 am PST by
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
maxresdefault

Hands-On With Apple Music Sing in iOS 16.2

Wednesday December 7, 2022 12:24 pm PST by
With the iOS 16.2 release candidate that came out today, Apple added the new Apple Music Sing feature that was announced earlier this week. We thought we'd check out the new karaoke feature to see how it works. Subscribe to the MacRumors YouTube channel for more videos. Apple Music Sing is available on modern iPhones and iPads, as well as the newest Apple TV 4K. It's built in to the Apple...
Apple car wheel icon feature yellow

Apple to Charge Under $100,000 for Apple Car, Launch Planned for 2026

Tuesday December 6, 2022 2:31 pm PST by
Apple is aiming to launch an Apple-branded consumer-oriented vehicle by 2026, and its goal is to hit a price point under $100,000 to make the car appeal to a wider range of customers, reports Bloomberg. Apple initially planned to design a car that might look similar to Canoo's Lifestyle Vehicle, where passengers could face one another in a limousine-style car with no steering wheel or...
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Expected to Launch Next Week With These 12 New Features

Thursday December 8, 2022 7:05 am PST by
iOS 16.2 is expected to be released next week following nearly two months of beta testing. With last-minute additions like Apple Music Sing and Advanced Data Protection, the software update now has over a dozen new features for the iPhone. Below, we've recapped many of the new features coming with iOS 16.2, including Apple's new whiteboard app Freeform, two new Lock Screen widgets, the...
introducing apple music sing

Apple Music Adding a Karaoke Experience With Apple Music Sing

Tuesday December 6, 2022 7:09 am PST by
Apple today announced Apple Music Sing, a new feature in Apple Music that lets users sing their favorite songs with adjustable vocals and more. Apple Music Sing will utilize Apple Music's real-time lyrics to allow users to sing to their favorite songs using adjustable vocals, background vocals, and duet view to allow more than one singer.Apple Music Sing includes: Adjustable vocals: Users...
Twitter Feature

Twitter to Charge $11 Per Month for Twitter Blue on iPhone, $7 on Website

Wednesday December 7, 2022 6:47 pm PST by
Twitter plans to charge $11 per month for a Twitter Blue subscription on the iPhone in order to account for the 30 percent cut that Apple takes from in-app purchases, reports The Information. On the web, Twitter Blue will be priced at $7 per month. Prior to when Twitter Blue was paused, Twitter was charging $7.99 for a subscription, but the pricing will change before it relaunches. According ...
Apple advanced security Advanced Data Protection screen Feature

Apple Announces End-to-End Encryption Option for iCloud Photos, Notes, Backups, and More

Wednesday December 7, 2022 10:00 am PST by
Apple today announced it is expanding end-to-end encryption to many additional iCloud data categories on an opt-in basis for enhanced security. iCloud already protects 14 data categories using end-to-end encryption by default, including the Messages app when backups are disabled, passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more,...