'Month of Kernel Bugs' Ends, First Adware for Mac OS X?

Last month's Month of Kernel Bugs (MOKB) has concluded, and a total of 10 Mac OS X vulnerabilities has been found. The vulnerabilities were wide-ranging, from a wireless driver exploit to a system call, multiple disk image vulnerabilities, and most recently an AppleTalk vulnerability (among others). Apple patched the first wireless driver exploit along with other unrelated vulnerabilities this week, however all remaining MOKB vulnerabilities remain un-patched.

Interview
MOKB organizer "LMH" spoke to MacRumors about the project. According to LMH, most of the project's time was spent on Linux and the Mac OS, both of which were described as "not hard" to break.

The Linux kernel takes little time to break. I'm more familiar with the code and thus it also takes less time to isolate issues. OS X kernel (XNU) takes less time but depending on the area you're checking, debugging and isolation may require a bit more time (if you take into account that AppleTalk source code is almost unreadable and totally deprecated) [...] I didn't have much time left for working on Microsoft Windows but I've received the most helpful feedback from the MSRC people on potentially interesting stuff to check. Not a huge reference of internal code nor NDA covered documents, but at least enough to start with.

In LMH's point of view, the state of Mac OS X security is not great.

From the technical perspective, OS X security is rather poor, at least when it comes to kernel-land code. This isn't a sign of negligence of Apple, but obviously when you take code from many different places and stick it together, it's prone to problems. Not just new ones but also old issues that 'went under the radar'. [...] (ed note: now comparing MS to Apple) I can say that Microsoft has a more thorough auditing process and investment when it comes to kernel code than Apple. They also have the advantage of having such code being produced within the company. Mac OS X kernel, for example, depends heavily on FreeBSD development. A security flaw in the FreeBSD kernel will likely affect OS X and probably other BSD "flavours"

However, just because LMH is a bit critical of Mac OS X's security, don't call him an Apple-hater.

Taking security arguments apart, I have to say that Mac OS X is a pretty well integrated system. It's tightly packaged [...] and nice looking. I'm an OS X user myself and I certainly feel like Apple has invested long time on tweaking the little details. Now they just have to invest a little more on security matters, but not hiring a 'turnover security firm' to do the consulting that leaves the job half done. That's what failed, IMHO.

First Adware for Mac OS X?
In related news, F-Secure claims to have received what is possibly the first ever proof-of-concept Adware program for Mac OS X. The program, dubbed iAdware, will launch Safari to specified web pages when the user used any number of applications, and installation of the adware did not require admin privileges.

Popular Stories

iPhone 14 Purple Lineup Feature

Will the iPhone 14 Be a Disappointment?

Saturday May 21, 2022 9:00 am PDT by
With around four months to go before Apple is expected to unveil the iPhone 14 lineup, the overwhelming majority of rumors related to the new devices so far have focused on the iPhone 14 Pro, rather than the standard iPhone 14 – leading to questions about how different the iPhone 14 will actually be from its predecessor, the iPhone 13. The iPhone 14 Pro and iPhone 14 Pro Max are expected...
apple ar headset concept 1

Apple's Headset Said to Feature 14 Cameras Enabling Lifelike Avatars, Jony Ive Has Remained Involved With Design

Friday May 20, 2022 6:50 am PDT by
Earlier this week, The Information's Wayne Ma outlined struggles that Apple has faced during the development of its long-rumored AR/VR headset. Now, in a follow-up report, he has shared several additional details about the wearable device. Apple headset render created by Ian Zelbo based on The Information reporting For starters, one of the headset's marquee features is said to be lifelike...
sony headphones 1

Sony's New WH-1000XM5 Headphones vs. Apple's AirPods Max

Friday May 20, 2022 12:18 pm PDT by
Sony this week came out with an updated version of its popular over-ear noise canceling headphones, so we picked up a pair to compare them to the AirPods Max to see which headphones are better and whether it's worth buying the $400 WH-1000XM5 from Sony over Apple's $549 AirPods Max. Subscribe to the MacRumors YouTube channel for more videos. First of all, the AirPods Max win out when it comes ...
apple music

Apple Increases Apple Music Subscription Price for Students in Several Countries

Sunday May 22, 2022 1:57 am PDT by
Apple has silently increased the price of its Apple Music subscription for college students in several countries, with the company emailing students informing them their subscription would be slightly increasing in price moving forward. The price change is not widespread and, based on MacRumors' findings, will impact Apple Music student subscribers in but not limited to Australia, the...
iPhone 13 Face ID

'High-End' iPhone 14 Front-Facing Camera to Cost Apple Three Times More

Monday May 23, 2022 7:05 am PDT by
The iPhone 14 will feature a more expensive "high-end" front-facing camera with autofocus, partly made in South Korea for the first time, ET News reports. Apple reportedly ousted a Chinese candidate to choose LG Innotek, a South Korean company, to supply the iPhone 14's front-facing camera alongside Japan's Sharp. The company is said to have originally planned to switch to LG for the iPhone...