'Month of Kernel Bugs' Ends, First Adware for Mac OS X?

Last month's Month of Kernel Bugs (MOKB) has concluded, and a total of 10 Mac OS X vulnerabilities has been found. The vulnerabilities were wide-ranging, from a wireless driver exploit to a system call, multiple disk image vulnerabilities, and most recently an AppleTalk vulnerability (among others). Apple patched the first wireless driver exploit along with other unrelated vulnerabilities this week, however all remaining MOKB vulnerabilities remain un-patched.

Interview
MOKB organizer "LMH" spoke to MacRumors about the project. According to LMH, most of the project's time was spent on Linux and the Mac OS, both of which were described as "not hard" to break.

The Linux kernel takes little time to break. I'm more familiar with the code and thus it also takes less time to isolate issues. OS X kernel (XNU) takes less time but depending on the area you're checking, debugging and isolation may require a bit more time (if you take into account that AppleTalk source code is almost unreadable and totally deprecated) [...] I didn't have much time left for working on Microsoft Windows but I've received the most helpful feedback from the MSRC people on potentially interesting stuff to check. Not a huge reference of internal code nor NDA covered documents, but at least enough to start with.

In LMH's point of view, the state of Mac OS X security is not great.

From the technical perspective, OS X security is rather poor, at least when it comes to kernel-land code. This isn't a sign of negligence of Apple, but obviously when you take code from many different places and stick it together, it's prone to problems. Not just new ones but also old issues that 'went under the radar'. [...] (ed note: now comparing MS to Apple) I can say that Microsoft has a more thorough auditing process and investment when it comes to kernel code than Apple. They also have the advantage of having such code being produced within the company. Mac OS X kernel, for example, depends heavily on FreeBSD development. A security flaw in the FreeBSD kernel will likely affect OS X and probably other BSD "flavours"

However, just because LMH is a bit critical of Mac OS X's security, don't call him an Apple-hater.

Taking security arguments apart, I have to say that Mac OS X is a pretty well integrated system. It's tightly packaged [...] and nice looking. I'm an OS X user myself and I certainly feel like Apple has invested long time on tweaking the little details. Now they just have to invest a little more on security matters, but not hiring a 'turnover security firm' to do the consulting that leaves the job half done. That's what failed, IMHO.

First Adware for Mac OS X?
In related news, F-Secure claims to have received what is possibly the first ever proof-of-concept Adware program for Mac OS X. The program, dubbed iAdware, will launch Safari to specified web pages when the user used any number of applications, and installation of the adware did not require admin privileges.

Popular Stories

iOS 17 on Phone Feature

Gurman: iOS 17 to Provide Several 'Most Requested Features'

Sunday March 26, 2023 6:05 am PDT by
Apple changed the strategy for iOS 17 later in its development process to add several new features, suggesting that the update may be more significant than previously thought, Bloomberg's Mark Gurman reports. In January, Gurman said that iOS 17 could be a less significant update than iPhone updates in previous years due to the company's intense focus on its long-awaited mixed-reality...
iOS 16

iOS 16.4 Will Add These 8 New Features to Your iPhone

Sunday March 26, 2023 8:06 am PDT by
Following nearly six weeks of beta testing, iOS 16.4 is expected to be released to the public as soon as this week. The software update includes a handful of new features and changes for the iPhone 8 and newer. To install an iOS update, open the Settings app on the iPhone, tap General → Software Update, and follow the on-screen instructions. Below, we have recapped eight new features and...
apple mixed reality headset concept by david lewis and marcus kane

Some Apple Employees Seriously Concerned About Mixed-Reality Headset as Announcement Draws Closer

Sunday March 26, 2023 8:25 am PDT by
Some Apple employees are concerned about the usefulness and price point of the company's upcoming mixed-reality headset, The New York Times reports. Apple headset concept by David Lewis and Marcus Kane Initial enthusiasm around the device at the company has apparently become skepticism, according to eight current and former Apple employees speaking to The New York Times. The change of tone...
Steve Jobs Theater dusk

Apple Reportedly Demoed Mixed-Reality Headset to Executives in the Steve Jobs Theater Last Week

Sunday March 26, 2023 5:53 am PDT by
Apple showcased its mixed-reality headset to the company's top 100 executives in the Steve Jobs Theater last week, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman explained that the "momentous gathering" is a "key milestone" ahead of the headset's public announcement planned for June. The event was intended to rally Apple's top members of...
top stories 25mar2023

Top Stories: iPhone 15 Pro Design Leak, iOS 16.4 Coming Soon, and More

Saturday March 25, 2023 6:00 am PDT by
We're still almost six months away from the official unveiling of the iPhone 15 lineup, but it seems like every day we're learning more about what to expect from the next-generation models. Notably, this week gave us our clearest look yet at what appear to be some changes for the volume and mute control hardware. iOS 16.4 and associated releases are also right around the corner with some new ...
iOS 16

Apple Releases iOS 16.4 With New Emoji, Safari Web Push Notifications, Beta Changes, Voice Isolation for Calls and More

Monday March 27, 2023 10:03 am PDT by
Apple today released iOS 16.4, the fourth major update to the iOS 16 operating system that initially came out last September. iOS 16.4 comes two months after the launch of iOS 16.3, an update that added Security Keys for Apple ID. iOS 16‌.4 and iPadOS 16.4 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. It can take a few minutes...
Hero0009

Best Apple Deals of the Week: Samsung's Smart Monitor M8 Gets Massive $250 Discount, Along With Year's Best AirPods Prices

Friday March 24, 2023 10:23 am PDT by
We saw a lot of great deals on Apple products and related accessories this week, including Samsung's iMac-like Smart Monitor M8 for $250 off, a 30 percent off spring sale at Anker, and the year's best prices on numerous AirPods models. All of these deals are still available to purchase right now, so we're recapping them and more below. Note: MacRumors is an affiliate partner with some of these ...
dynamic island

iPhone 15 Dynamic Island to Include New Integrated Proximity Sensor

Friday March 24, 2023 12:27 am PDT by
This year, all iPhone 15 models will include Apple's Dynamic Island that unifies the pill and hole cutouts at the top of the display, but there will also be a material change to the feature that wasn't included in the iPhone 14 Pro models. According to a new tweet by Apple industry analyst Ming-Chi Kuo, the proximity sensor on the iPhone 15 series will be integrated inside the Dynamic Island ...