Experts Say Intel-Based Macs Could Invite More Exploits
Mac OS X includes features that make it a target for malware, and the Intel-based Macs may be even more vulnerable than their PowerPC predecessors, said Kevin Finisterre, a security researcher who created the three recent versions of Inqtana, a proof-of-concept worm that spreads through a vulnerability in the Bluetooth feature of Mac OS X.
“I honestly think that the general ‘script kiddie’ crowd is more familiar and comfortable on an Intel processor vs. a PowerPC,” Finisterre said.
Simply moving from the 4-byte instructions that PowerPCs use to the 1-byte instructions Intel processors use lowers the bar for exploits, he added.
Certain techniques that couldn’t be used on PowerPC Macs, such as exploiting Unicode-based buffers, are commonly used to target Intel-based machines, Finisterre said.
Apple could use the XD (Execute Disable) security technology embedded in newer Intel processors to batten down the hatches on Intel-based Macs, Finisterre said. XD technology blocks viruses by rendering certain types of code non-executable. “If Apple makes proper usage of [XD technology], this could make things a little different with regards to exploitation,” he said.
An Apple spokesperson confirmed that XD is activated in all Intel-based Macs.
Michael Oh, president of Tech Superpowers, a Boston-based solution provider, said Apple has taken a proactive approach to security and has quickly issued patches for each exploit.
Although he doesn’t feel that Intel-based Macs will necessarily be more of a target for malware, Oh said new applications developed in the Intel architecture could open the door for cross-platform attacks.
For example, if a Mac were running Windows applications through a virtual PC with access to the hard drive and shared resources of the Mac, it would be possible to deposit code and destroy data on the Mac OS X side, Oh said.
“There’s a double-edged sword aspect to making these machines Windows-compatible,” Oh said.
Inqtana is one of several recent Mac-related security issues. When activated, the Inqtana worm scans for other Bluetooth-enabled devices and tries to transmit itself wirelessly to other machines. Finisterre alerted Apple to the vulnerability in February.
In February, researchers discovered a hole in Apple’s Safari browser that could provide an entry point for malware, and a Trojan horse that spreads through Apple’s iChat instant-messaging software. In January, four critical security vulnerabilities were identified in Apple’s QuickTime and iTunes applications.