Proof of concept adware program for OS X announced

Online fraudsters may be ready to put Mac users in their sights. On Thursday, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a user's account without requiring administrator rights.

"We won't disclose the exact technique used here - it's a feature not a bug - but let's just say that installing a System Library shouldn't be allowed without prompting the user," stated F-Secure in the blog post. "Especially as it only requires copy permissions."

Vulnerability researchers have increasingly focused on finding flaws in the Mac OS. During the month of November, two serious flaws in Apple's operating system were disclosed as part of the Month of Kernel Bugs (MoKB) project. The IAdware proof-of-concept code did nothing malicious, but merely opened up a browser each time an application was opened, F-Secure stated.

News source: SecurityFocus

63 Comments


Quote - Korben_Dallas said @ #21
You might not be able to compare Windows to Linux to Mac OS, but a vulnerability is a vulnerability....

US-CERT Vulnerability Note VU#367424


That's a long-standing flaw, so I'm not sure why it's being updated except to raise the number of 'new' vulnerabilities in OS X. That said, it is a problem and one that more knowledgeable Mac users have been asking Apple to fix for a while now. A fix for the root problem would be wonderful, but even changing Safari's default behaviour would be nice.

As I've said before, Apple is generally rather good about this sort of thing, but this is one of those cases where they've dropped the ball.

Greetings All,

Being honest, reading the majority of comments, it seems that a few people are quite squarely aiming at a 'Mac User' stereotype. Please, remove your glasses and think. I've been a Windows User for the past 10 years, 6 months ago I began using Windows and Linux and yesterday I bought an Intel Core 2 Duo powered Apple MacBook. So I now use Windows, Linux and Apple Mac. Has my Security stance changed? No. Not at all. I still use my common sense.
On all three Operating Systems I have to remove myself from the Administrators Group and run with non-Administrative privileges. Should this happen that we're given Administrative rights by default? In my opinion, no. But there are reasons for it for each. It's preferential as to whether it applies to certain Linux distributions. I use strong passwords on all online accounts and Local User accounts, I change them regularly.

I filter any SPAM. I'm careful as to what personal information I give online. I don't open E-Mail from people I don't know. If using Windows I use up-to-date AntiSpyware and AntiVirus software and an AntiRootKit tool. With Linux I use an AntiRootKit tool and it'll be the same for my Mac. That's one threat that's apparent on all OS.
Too many people's comments are geared towards the idea of 'Your OS Is Insecure If It Has Viruses'. That's not true. If you think that, you're thinking about Security wrong. Security isn't just protecting yourself from Malware, it's about protecting your personal information and using your head. A Mac User is just as vulnerable to a Phishing Attack as a Linux or Windows User. Now there's a surprise.

It also seems that people have the presumption that Mac Users think they're invulnerable and, although yes there are some that do - I certainly don't. I bought my Macintosh fully knowing the implications. It's the same with any Operating System. You take risks being online with Windows, Macintosh, or Linux. Yet another common trait. Seeing a pattern? If you are, good. If you're not, I suggest you buy 'Secrets And Lies' by Bruce Schneier and open your eyes. I'm vulnerable whichever platform I use, as are you, but there are so many variables to consider, the simple fact is that all Operating Systems are insecure.

Also, before it is said, you can't compare Windows to Linux to Mac OS, because they all have differing Design Architectures, Filesystems and Security Architectures. It's simple.

Regards,

Scott Ainslie Sutton

I don't see this as anything new. There are numerous programs that trigger a webpage to open upon denial of agreement, or nagging you to buy the software after it's closed.


I sum this up to nagware at most.

All the Mac Fanboys are commenting like this is no big deal or it's a "feature" or it won't have an impact... and the rest of us knew this all along... Mac is not invincible.

Big surprise.

A large majority of Mac users have known that all along as well. The problem is that you have an increasing number of 'new' Mac users that have gotten it in their head that "more secure" means "infallibly secure".

This particular POC is no big deal and what it may possibly be "exploiting" is a feature. While details are too scant to make an informed analysis, it is rather doubtful this will have any sort of lasting impact.

As far as Mac fanboys go, they should be ignored just as fanboys of any variety are. Almost as bad as fanboys are uninformed naysayers who jump at a chance to ridicule Mac users for their platform of choice.

Mac fanboys, contrary to what you said, accept that there are flaws for OS X.

We don't say it's a feature or something, because this part of the article is quite obscure IMHO. They aren't very credible because they don't say what feature it is exactly.

This is only proof of concept for some AD-WARE it will never do any harm to osx even if it goes to wild...

While talking let's not forget that for windows setup you also need an antivirus software to be only close so secure as you are on osx default installation.
First thing I do when I install windows is install antivirus... when installing osx I just start working for example...

Quote - CoolBits said @ #17
This is only proof of concept for some AD-WARE it will never do any harm to osx even if it goes to wild...

While talking let's not forget that for windows setup you also need an antivirus software to be only close so secure as you are on osx default installation.
First thing I do when I install windows is install antivirus... when installing osx I just start working for example...

and this is the exact reason that as more flaws and exploits are found and put to use, a large number of Mac users will have problems with their machines.

Windows 3.1 was probably as unsecure as an OS could be, but no one had problems with it because far less people were writing viruses for it and trying to exploit it. As a result, no one used any sort of anti-virus software for it. As Windows became more popular and the internet became the fastest way to transfer information in history, more viruses popped up, and people developed ways to protect against them.

Now as Macs are becoming more popular, there will be more viruses and exploits identified and put into use, and as a result, Mac users will have to find a way to protect against them. Just because today you don't need anti-virus software for your Mac, doesn't mean that in the future you will continue to not need it. If I were to run Windows 3.1 today or even Windows 95 without any anti-virus software I would be screwed, but back when it was first on the market, I would have been fine.

Does that make any sense?

Yet another proof of concept. These things never seem to make it past the conceptual stage and into the wild, because it's extremely difficult for malware to propagate on OS X.

All this is making my head hurt. There really needs to be a concerted effort to let new (uneducated) Mac users know that despite how great an operating system OS X is, it is not immune to this sort of thing. No OS is. Mac users who already don't, also need to be aware that Apple is quite secretive about everything, including potential flaws in OS X until those flaws have been verified and addressed. However, unlike what a few have insinuated, Apple has an excellent track record when it comes to acknowledging a flaw once it has been verified and crediting those who discovered the flaw. And no, the flaws found regarding the Airport WiFi adapters were not related to what Maynor and Elch propose to have discovered (so let's not wag that dog).

While this (being the adware POC) truly isn't that great of a threat to the security of OS X (anyone with a general level of knowledge concerning what is being exploited would know this), it does open up some possibilities that will need to be addressed by Apple. The problem with that is Apple's less than stellar record in fixing 'flaws' that are not outright security issues (e.g. how Safari handles automatically opening DMG and other 'trusted' files).

I thought it was known that hackers don't bother with OSX simply because the greater population doesn't use it.
Would you rather exploit millions of people or a measly hundred? Remember the more out there the better your success rate

Growing market share = growing exploits and bugs found

If Apple ever reaches 10% in the computer market... all hell will break loose

We could say the same with Firefox. Now that it's become more popular, it gets more attention from the hackers and many exploits are found for it. The thing is that it's still more secure than IE... It's the same case with Apple and MS. Apple makes more secure stuff, but as it gets popular, people discover flaws for their products.

Quote - PsykX said @ #11.4
We could say the same with Firefox. Now that it's become more popular, it gets more attention from the hackers and many exploits are found for it. The thing is that it's still more secure than IE... It's the same case with Apple and MS. Apple makes more secure stuff, but as it gets popular, people discover flaws for their products.

"More secure stuff"? I would say "More locked-down stuff". Some of the biggest security flaws in Windows have been caused by Microsoft adding highly innovative features and ease of access for developers. Sadly the world isn't perfect and retarded hackers spend all of their time trying to exploit the work that Microsoft does.

Quote - mrmckeb said @ #11.1
The truth has been spoken. Nobody attacks a small target...

Funny, I remember the Amiga having many many viruses written for it back in the day, and they never had even half of the market share that Apple has today. I guess that blows the whole marketshare==viruses myth out of the water, doesn't it?

Quote - roadwarrior said @ #11.6
Funny, I remember the Amiga having many many viruses written for it back in the day, and they never had even half of the market share that Apple has today. I guess that blows the whole marketshare==viruses myth out of the water, doesn't it?

Previous versions of Mac OS (as in pre-OS X) did as well.

wtf F-Secure is actively creating ad ware so they can sell more of their software, that sucks

still it's only Ad-ware, as long as they don't start making virus or spyware, right?

Not really sure I like F-secure and others finding flaws in the Mac OS. I guess right now there is zero market for anti-virus/system protection solutions on that platform. To me it looks like F-secure is trying to create the demand for protection themselves. :(

As for the Windows / OS X debate, I think everyone agrees that Windows for a long time has, and still is less secure. However, it is more convenient, and for most people that is enough. There is no limit as to "how secure" you can get, but what is the point - you are probably trying to accomplish some tasks, and it's best to find a balance between performance and security.

Holy Hannah! You don't like Security Analysts finding fault with your Mac OS? Would you rather have them NOT find flaws and let the actual bad-guys pwn your MacBook or your Mac Mini?
:laugh:
Welcome to the joy that us Windows users have been dealing with for years.

Will I shed a tear for you and other Mac users who now get to experience the joys of dealing with Adware and Spyware? NOPE! NOT ONE SINGLE TEAR.

Will I sympathize? NOPE! Computer-bigots never did for the Windows platform, so why should we even give the user-with-a-now-poor-exploitable-Mac the time of day? What I will do is help my poor Mac-using friends in practicing safe computer use.

Feels a little different with the shoe on the other foot, huh?

Quote - ScottKin said @ #8.1
Holy Hannah! You don't like Security Analysts finding fault with your Mac OS? Would you rather have them NOT find flaws and let the actual bad-guys pwn your MacBook or your Mac Mini?
:laugh:
Welcome to the joy that us Windows users have been dealing with for years.

Will I shed a tear for you and other Mac users who now get to experience the joys of dealing with Adware and Spyware? NOPE! NOT ONE SINGLE TEAR.

Will I sympathize? NOPE! Computer-bigots never did for the Windows platform, so why should we even give the user-with-a-now-poor-exploitable-Mac the time of day? What I will do is help my poor Mac-using friends in practicing safe computer use.

Feels a little different with the shoe on the other foot, huh?

not wanting to burst your bubble here but we're talking about ad-ware not spyware or a virus etc

Quote - ScottKin said @ #8.1
Holy Hannah! You don't like Security Analysts finding fault with your Mac OS? Would you rather have them NOT find flaws and let the actual bad-guys pwn your MacBook or your Mac Mini?
:laugh:
Welcome to the joy that us Windows users have been dealing with for years.

Will I shed a tear for you and other Mac users who now get to experience the joys of dealing with Adware and Spyware? NOPE! NOT ONE SINGLE TEAR.

Will I sympathize? NOPE! Computer-bigots never did for the Windows platform, so why should we even give the user-with-a-now-poor-exploitable-Mac the time of day? What I will do is help my poor Mac-using friends in practicing safe computer use.

Feels a little different with the shoe on the other foot, huh?


I've always sympathised with this situation. The security industry is generally divided in to two groups: those who pioneer - the guys who discover the original bugs, and secondly the people that exploit them mindlessly (ala script kiddies, whatever the modern term is.) The pioneers create the demand -- these 'proof of concepts' often turn in to a big flag of "attack here". It's a silly situation.

I have a lot of respect for F-Secure as a security analyst, but realistically this issue would have best been directed to the Apple developer team - I see no reason other than publicity to announce this.

Quote - Yazoo said @ #8.2

not wanting to burst your bubble here but we're talking about ad-ware not spyware or a virus etc

So for Windows users, you won't give a damn whether it's called adware or spyware, but you do when Macs are involved?

And mind you, since this POC has been proven successful, it means that even SPYWARE (dum duuuuuuuum), or VIRUSES (duuum duuuuuuuuuuuuuuuum) can make their way to your beloved platform.

Reminds me of that guy who had an e-mail problem, and I asked him if he had an anti-virus, he responded "I have a Mac!". Told him that this didn't tell me if he had an anti-virus, and he yelled "I HAVE A MAC!!!"... Silly users...

ROFL I love the way that people live with the conspiracy people only look for flaws in Macs because there's a waiting Anti Virus market to exploit.

If I sold a thousand cars and another car maker sold 2 does the fact that 15 of my cars go wrong a year mean they're any less reliable? Nope, it's just there's a higher chance that you will hear about it. This is what MAC have been hiding behind for years with their rosy view that "Mac's don't get viruses" when in reality they were not popular enough for anyone to bother.

Virus Writers love this sort of corporate BS when a company says "<smug>This is the most secure product ever completely hack proof</smug>" it's normally hacked within a week because people love a challenge and now that macs are getting popular there is a lush market ready to exploit.

Once the virus market hits the mac good and proper it will be a fun day because most people seem to think their computer is immune from viruses just because Apple tells them so.. They know less about computer security than the dozy "windoze" users and that's going to be their weak spot.

LMAO had a good laugh over this..

"We won't disclose the exact technique used here - it's a feature not a bug - but let's just say that installing a System Library shouldn't be allowed without prompting the user,"

So we call them 'Features' now do we...haha classic

Oh so Microsoft is that much better huh? At least Apple is acknowledging the problem in some fashion. Microsoft denies the problem until they fix it.

Quote - Gahmahn said @ #5.2
Oh so Microsoft is that much better huh? At least Apple is acknowledging the problem in some fashion. Microsoft denies the problem until they fix it.

What? I think you have the two companies mixed up there.

Quote - Gahmahn said @ #5.2
Oh so Microsoft is that much better huh? At least Apple is acknowledging the problem in some fashion. Microsoft denies the problem until they fix it.

This smells just like a fan-boy reply. Please accept my humblest apologies if it wasn't a fan-boy response.

Now...where in the news article does it say that Apple announced a flaw in their OS? NOWHERE!

It was found by F-Secure - in case you don't know who they are, they are some of the more reputable Security groups around.

Next?

Quote - superhuman said @ #5.1
haha If they say it is a bug, Apple fans will be mad. better to say it is a feature.

Features are frequently used in any Operating System to introduce malicious code or create bugs. At this point, from what F-Secure have suggested, this feature is the ability to quickly install and remove System Library functions. If used incorrectly, any feature can become malicious.

Quote - Kushan said @ #5.4

What? I think you have the two companies mixed up there.

Definitely, Apple is the company that denies an exploit/bug/problem exists until they fixed it, then they deny there ever was a problem and they fixed no such thing.

None to worry. Apple will fix it for 10.4.9 (or Leopard).

Good to know that it can easily be stopped. Pity can't say the same for Windoze.

Quote - TheReasonIFailed said @ #3.1
Am I mistaken or do you not have to pay to get 10.4.9?

And how can it "easily be stopped"?

10.x.x releases are free. 10.x releases are not.

Quote - nwBen said @ #3
None to worry. Apple will fix it for 10.4.9 (or Leopard).

Good to know that it can easily be stopped. Pity can't say the same for Windoze.

I find it funny that you use this as a chance to take a shot at windows, while saying it's ok because you're sure Apple will fix it.
I could easily say the same about Microsoft, who have regular monthly updates to their OS (and support their OS's for a lot longer than Apple do as well, but that's a moot point).

Quote - TheReasonIFailed said @ #3.1
And how can it "easily be stopped"?

Make it so a System Library can't be installed without user permission? Seems pretty logical to me.

Quote - david13lt said @ #3.4
So, why Microsoft didn't stop it 1-3 years ago?..

Stop it? Stop what?

Conquering the world? Why would they?

Quote - david13lt said @ #3.4
So, why Microsoft didn't stop it 1-3 years ago?..

Do you really think the vulnerabilities/attacks on Apple will stop if they fix this one flaw? How naive...

This is just the beginning - you Mac users had better pull your heads out of your asses and learn some fundamental security practices, or you're toast...

Quote - Davebo said @ #3.7

Do you really think the vulnerabilities/attacks on Apple will stop if they fix this one flaw? How naive...

This is just the beginning - you Mac users had better pull your heads out of your asses and learn some fundamental security practices, or you're toast...

Hahaha, who are they going to learn from? I can see Red Hat or Sun since they both release patches (usually) only days after the flaw is announced, but you better not have had Microsoft in mind. Someone above hit the nail on the head when they said 'monthly patches' from Microsoft... ok so let's all be vulnerable for weeks (up to a month even)!

Quote - nwBen said @ #3
None to worry. Apple will fix it for 10.4.9 (or Leopard).

Good to know that it can easily be stopped. Pity can't say the same for Windoze.

Smart butt you use a Mac yet have no knowledge on it (and you support and argue about it!). The new Mac OS is not 10.4.9 but 10.5.

Haven't you heard, "Hackers and coders don't bother to make viruses for OS X because they think Mac users have suffered enough."

Quote - Swordnyx said @ #3.9

Haven't you heard, "Hackers and coders don't bother to make viruses for OS X because they think Mac users have suffered enough."

Imagine the nerd bashing you'd suffer proudly announcing you're able to hack Mac OS 10.4.1.13.8.4.987!!!!

Quote - Swordnyx said @ #3.9

Smart butt you use a Mac yet have no knowledge on it (and you support and argue about it!). The new Mac OS is not 10.4.9 but 10.5.

Haven't you heard, "Hackers and coders don't bother to make viruses for OS X because they think Mac users have suffered enough."

smarter butt, you use the internet and type the English language, yet you cannot read. He said 10.4.9 (OR Leopard). Meaning he did not say 10.4.9 was Leopard.

Quote - nwBen said @ #3
None to worry. Apple will fix it for 10.4.9 (or Leopard).

Good to know that it can easily be stopped. Pity can't say the same for Windoze.

lol most of windows "Adware" is just as easy to stop and prevent, it's just that people using the OS are too stupid to prevent installing it or don't know enough about PC security to protect themselves.

You could debate that Apple users are even more clueless than Windows Users when it comes to security because they believe in this spoon fed sugar coated world where they think their computer will never get a virus and they don't need to worry about their security just because it's not windows.

Sure this one gets patched but what about the next and the next? The more market share a product has the more attacks will be aimed at it and the day when there are widespread viruses for macs will be a warm fuzzy day.

Quote - Unplugged said @ #3.12
You could debate that Apple users are even more clueless than Mac Users when it comes to security because they believe in this spoon fed sugar coated world where they think their computer will never get a virus and they don't need to worry about their security just because its not windows.

Sure this one gets patched but what about the next and the next? The more market share a product has the more attacks will be aimed at it and the day when there are widespread viruses for macs will be a warm fuzzy day.


Apple users are even more clueless than Mac users? Wait, did you just say that Mac users are more clueless than themselves? :laugh:

News flash: Many Mac users have had experience in the PC world before "switching." We're not ignorant to the fact that our OS probably has flaws. You're just letting Apple stereotype us.

Quote - Elliott said @ #3.13

Apple users are even more clueless than Mac users? Wait, did you just say that Mac users are more clueless than themselves? :laugh:

News flash: Many Mac users have had experience in the PC world before "switching." We're not ignorant to the fact that our OS probably has flaws. You're just letting Apple stereotype us.

Edited ty.

There's no stereotype to it, a stereotype is used to describe a "Typical" type of person, there are always people who break that mould. We have all seen the joke picture of the bloke that says "I know nothing about computers so I bought a Mac" well it's actually spooky how close to the truth it is

I know a lot of people who know nothing about windows and bought a Mac because it looked pretty or because they bought into the Marketing BS from Apple that they are somehow immune to viruses and their computer will never crash.

There are also a few people I know who bought macs because they installed their mates copy of Windows XP on their old 98 box and it crawled like hell because it just met the spec..... they got a few bits of spy-ware and it crawled a bit more so rather than taking steps to avoid said spy-ware they tried to be clever by buying a Mac thinking that would solve the problem.

While I'm not debating that many Mac users come from windows that doesn't instantly give them a degree in PC Security and they are just as clueless in how to avoid spy-ware and viruses on their shiny new Mac as they were on their PC being they STILL open all e-mail attachments and download and run everything BUT they are now more at risk because they have this warm fuzzy feeling they are immune from anything bad.

Hence that when there are a few Mac Viruses roaming around they're going to get a kick in the teeth because many do not run with Anti Virus and Anti Spy-ware because they think they don't need it.

The IAdware proof-of-concept code did nothing malicious, but merely opened up a browser each time an application was opened, F-Secure stated.

Hmmm...sounds familiar. You know, random Internet Explorer Windows opening with obscene content.

Better crank out some more "Hi, I'm a Mac" commercials.