Thunderbolt Security Issues

Published by hirantha at 9:09 AM under Apple | Intel

Apple released a new set of MacBook Pros a few days ago, sporting the first implementation of "Thunderbolt", a new interconnect technology based on what Intel has so far called "Light Peak". It promises 10 GBit/sec duplex connectivity to everything from storage to video devices. The technology is similar to Firewire (i.Link, IEEE 1394) in some ways. As with Firewire, multiple devices may be daisy chained. However, if a DisplayPort display is used as part of the chain, the display has to be the last device in the chain.

One speculation put forward in an article in The Register is that devices connected via Thunderbolt are not authenticated and, as with Firewire, have full bus access. This speculation is supported by the material available so far from Intel and Apple. As with Firewire, this bus would provide direct access to RAM and possibly disks. As a result, a malicious device may be able to read RAM and disks without authentication.

These attacks have been shown to work for Firewire, and have been used, for example, in memory forensics to extract memory content from live systems. However, with the larger variety of devices expected for Thunderbolt, it may be more of a threat. Consider in particular the scenario put forward in the article: connecting a laptop to a projector at a conference via DisplayPort. There is no telling whether a second device sits in line inside the projector, waiting to extract memory from the attached laptop.




Apple OS X 10.6.5 Patches 131 Security Flaws

Published by hirantha at 11:11 AM under Apple | Security

Apple released OS X 10.6.5 and Security Update 2010-007 on Nov 10th, patching 131 vulnerabilities across both Mac OS X and Mac OS X Server. Full details of the vulnerabilities addressed are covered in Apple's related knowledge base article, released Thursday.

Interestingly, among the updates is a patch for the Flash Player plug-in. According to Apple, "multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version"

Apple KB : http://support.apple.com/kb/HT4435



Apple Safari 4.0.4 Released

Published by hirantha at 5:53 AM under Apple | Security

Safari 4.0.4 was released for download yesterday, for both OS X and Windows.

Multiple security issues are addressed in this version, including remote code execution, process termination and information disclosure issues. It also includes one fix for a specific cross-site request forgery (CSRF) issue.




First iPhone worm discovered

Published by hirantha at 6:19 AM under Apple | Security

Apple iPhone owners in Australia have reported that their smartphones have been infected by a worm that has changed their wallpaper to an image of 1980s pop crooner Rick Astley.

The worm, which could have spread to other countries although there are no confirmed reports outside Australia, is capable of breaking into jailbroken iPhones if their owners have not changed the default password after installing SSH. Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again.

On each installation, the worm - written by a hacker calling themselves "ikex" - changes the lock background wallpaper to an image of Rick Astley with the message:

ikee is never going to give you up

What's clear is that if you have jailbroken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, "alpine". In fact, it would be a good idea if you didn't use a dictionary word at all.

The worm will not affect users who have not jailbroken their iPhones or who have not installed SSH.

SophosLabs is analyzing the worm's code, which suggests that at least four variants have been written so far. One of the attributes of the latest variant (labeled the "D" version) is that it tries to hide its presence by using a file path suggestive of the Cydia application.

Presently it appears that the worm does nothing more malicious than spread and change the infected user's lock screen wallpaper. However, that doesn't mean that attacks like this can be considered harmless.
