Jun 10, 2010

Windows 7 and Mac OS X both hit by fundamental flaws

Windows 7 and Mac OS X each have a new, fundamental flaw that will be presented at the Hack in the Box conference in Amsterdam in July. These security holes are so close to the core operating systems that fixing them may be very hard.
Windows 7 has an issue in the 64-bit edition of the operating system.
Security researchers at Sogeti/ESEC, Christophe Devine and Damien Aumaitre, discovered weaknesses in Direct Memory Access (DMA). An attacker could use those vulnerabilities to get access and take control of the machine, thereby bypassing all security features of the operating system.
"The problem is related to the functioning of the motherboard, so it is quite irresolvable in software.

This is quite a fundamental problem, because an attacker basically can manipulate the PC's memory."

The Mac OS X issue is somewhat easier to fix, although the impact of this security hole is bigger, according to Kannabhiran. The flaw affects not only Macs, but could also affect the iPod Touch, iPhone and iPad, because they all use the same OS X base. Security researcher Ilja van Sprundel from IOActive discovered this hole. He can use it to manipulate the IOKit element of the operating system and through that exploit a wide range of bugs to affect Mac OS X devices.

its all about the kernel functionality of Mac OS X. Whether this is intrinsically linked to the hardware remains to be seen said by Kannabhiran.Hack in the Box expects responsible disclosure from the security researchers. Microsoft and Apple have been notified of these security holes and are supposedly looking into them. Neither company commented on the matters.

[Via infoworld.com]
Related Posts Plugin for WordPress, Blogger...