Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X presented at BlackHatDC 2007

by Charlie Miller,

URL : https://www.blackhat.com/presentations/bh-usa-07/Miller/Presentation/bh-usa-07-miller.pdf

Summary : According to the Apple website, Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions. Of course, the Month of Apple Bugs showed that Macs are just as susceptible to vulnerabilities as other operating systems. Arguably, the two factors keeping the number of announced vulnerabilities on Mac OS X low is that not many researchers are interested in exploring this operating system due to low market share and not many researchers are familiar with the platform which can introduce a steep learning curve. The first of these reasons is going away as Apples market share continues to rise. This talk hopes to address the second reason. Namely, to provide researchers already familiar with Windows and Linux the knowledge and tools necessary to search for new security bugs in this operating system, specifically the new forthcoming release of Leopard, the newest version of Mac OS X. Happily, there are plenty of bugs and some Mac-only tools which help to find them. This talk will announce the port of some popular tools including the release of PaiMei for Mac OS X and will demonstrate one or two 0-days (if theyre still around).