Re: Mac Worst nightmare, get hacked by Windows



On Fri, 17 Apr 2009 13:09:21 -0700, Steve de Mena wrote:

Sermo Malifer wrote:
On Thu, 16 Apr 2009 10:18:24 -0700, Steve de Mena wrote:

Sermo Malifer wrote:
On Thu, 2009-04-16 at 00:45 -0700, Steve de Mena wrote:
MuahMan wrote:
On Apr 15, 7:44 pm, Mike <m...@xxxxxxxxxxxxxxx> wrote:
http://www.computerworld.com/action/article.do?
command=viewArticleBas...
rticleId=9131647&source=rss_news
--
Mike
<crickets chirping...>
How could OS X, with its unix bullet proof security, allow a lowly
application to circumvent security??

http://tinyurl.com/ddfj7z
"VMware bug allows Windows hack to attack Macs"

If the title weren't enough to answer your question, reading the
article should have:

"This is indeed a guest-to-host exploit," Kortchinsky
said in an e-mail today. "It uses several
vulnerabilities in the 'Display functions' (as VMware
put it) that allow [someone] to read and write
arbitrary memory in the host. Thus the guest can run
some code on the host, effectively bypassing ASLR and
DEP on Vista SP1."

The same tactics can be employed against a guest
operating system -- say, Windows XP -- running in
Fusion on a Mac powered by Apple's Mac OS X,
Kortchinsky confirmed. "The vulnerability is also
present in VMware Fusion and as such would allow a
guest (Windows or Linux) to run code on the Mac OS X
host," he said. "We didn't implement this exploit
though, but will probably in a near future."


VMware and Windows are at the bottom of the problem, not flaws in OSX
security.
"The vulnerability is also present in VMware
Fusion and as such would allow a guest (Windows or
Linux) to run code on the Mac OS X host," he said.

Why did you focus on that one sentence and ignore everything else I
quoted to you?

There is a flaw if OS X allows this to happen when an ordinary user
runs it without an Administrator prompt.

Most ordinary users don't run a guest OS in a virtual machine, and the
flaw is in Windows and the VM, not in OS X.

Who else would be running the Guest OS? God?

Not an ordinary user, the person you expected to be affected by this.

I expect OS X (not "Windows") to prompt me for a password if anything
is done that could harm the system.

Running a virtual machine isn't the same thing as running an
application. I don't see how you expect Mac OS X to manage the operation
of a foreign OS running on virtual hardware!
