OS X Threat Landscape Document

[Symantec]

OS X Threat Landscape Document
<p>Succinct information regarding the OS X threat landscape is hard to come by. Much of the information regarding OS X security and threats is blatantly wrong, overwhelmed by flame wars, and generally hard to digest. This isn’t to say that researchers aren’t releasing accurate and cutting edge information regarding viruses, vulnerabilities, and exploitation vectors affecting the platform. On the contrary, it seems that many of the defenders or users of OS X are unaware of their existence, don't understand them, or simply choose to ignore them.</p>

<p>In light of all of the misinformation and confusion surrounding the topic, there is a lack of a sufficient summary of what threats have affected OS X and what research is being carried out regarding the platform. So, I decided to document it. The document I set out to write was not meant to uncover anything new. No new vulnerabilities, exploit vectors, or rootkit techniques. Instead, I wanted to correlate and summarize the information that was already available to the public in a variety of papers and other documentation. The goal was to create a single source of reference that elucidates where the threat landscape of OS X truly stands today and where it is going to move in the days to come.</p>

<p>Earlier this year, I started documenting much of the useful research that has been carried out on the platform. This research has largely been undertaken by key researchers, including Dino, Nemo, HD Moore, Ilja, KF, and most recently, David Maynor and Johnny Cache with their kernel driver exploitation. I also started to compile information about the vulnerabilities, exploits, and rootkits that have been discovered, written, and released since the advent of OS X. After putting all of this information together, I started analyzing what features of OS X lend themselves to threats and what can be done to prevent this in the future. The document was then released to Symantec customers and is now being made available to the public.</p>

<p>Some of the points of discussion in the document are:<br />
• Significant vulnerabilities that have affected OS X and its applications.<br />
• Exploits that have been released and associated research that is available.<br />
• Malicious code that has affected the platform.<br />
• Rootkits that have been developed and released.<br />
• The technology that is available to prevent some of these threats.<br />
• Areas where defense and security can be improved.</p>

<p>The OS X threat landscape summary document is available from the location given below and hopefully will be of value to those who read it. If nothing else, I hope that it can be used as a reference point of user education for those who have, until now, felt that OS X is somehow impervious to the exploitation that plagues all other platforms.</p>

<p><a href="http://downloads.securityfocus.com/downloads/MacOSX_DeepSight_Report.pdf">http://downloads.securityfocus.com/downloads/MacOSX_DeepSight_Report.pdf</a></p>

<p>Apple is poised to release Leopard (OS X 10.5) in the near future and there are some significant new functionalities in the security area that are said to be coming. For ongoing discussion, Symantec hosts the Focus-Apple mailing list, which will no doubt host discussions about some of the new features of Leopard, as well as the security landscape in general.</p>
http://www.symantec.com/enterprise/security_response/weblog/2006/11/os_x_threat_landscape_document.html
http://www.symantec.com/enterprise/security_response/weblog/2006/11/os_x_threat_landscape_document.html
Wed, 15 Nov 2006 12:00:00 -0800