 "Mac Flaw Could Let Hackers Get Scrambled Data")
A Mac security expert has uncovered a technique that hackers could use to take control of Apple Inc computers and steal data that is scrambled to protect it from identity thieves.
Prominent Mac researcher Dino Dai Zovi disclosed the software flaw at the Black Hat security conference in Las Vegas, one of the world’s top forums for exchanging information on Internet threats. About 4,000 security professionals are in attendance, including some who are really hackers. While experts ferret out software flaws to fix them and protect users, hackers use the same information to devise pranks or commit crimes.
It is not illegal to publish software that can be used to hack into computer systems, though it is against the law to use it to break into them. Attacks on Apple computers are extremely rare, but security experts say that will change as Macs gain market share on PCs running Microsoft Corp’s Windows operating system. Security experts have identified at least three viruses infecting Macs over the past year. The most sophisticated of them is spread via pirated versions of Apple’s iWorks software. It allows cybercriminals to take complete control of an infected Mac.
Another virus, OSXPuper a, is spread via infected websites that direct users to download what they say is a video player, but turns out to be malicious software. That software can subsequently download other types of viruses. Dai Zovi, a security researcher and co-author of “The Mac Hacker’s Handbook,” said on Wednesday that once hackers start to put substantial resources into targeting Apple’s computers, they will be at least as vulnerable as Windows machines. “There is no magic fairy dust protecting Macs,” he said in an interview. The technique that Dai Zovi unveiled on Wednesday — dubbed “Machiavelli” — only works on machines that have already been victimized. It can take control of Apple’s Safari browser, stealing encrypted data from a user’s bank accounts.
An Apple spokeswoman could not be reached for comment.