Patched Mac holed in 30 minutes

Apple's Mac operating system may not be awash with viruses just yet, but hacking it seems to be a more straightforward proposition.

In the latest example, a hacker claims to have taken half an hour to gain full access to a fully patched Mac server put online for a cracking competition.

Late last month, a Swedish Mac enthusiast put a Mac Mini online and invited the general public to attempt to gain access and wipe the system's hard drive - to "rm" it, in reference to a Unix command for removing files and directories.

The administrator, who wishes to remain anonymous, said someone had attained root access within about two hours. "I was kind of shocked to see it was hacked this quick," he told Techworld.

Four hours later, a hacker going by the handle "gwerdna" defaced the home page of the "rm-my-mac" competition. The administrator noted that the contest is still technically going, since no one has yet wiped the Mac's hard disk.

Gwerdna needed only half an hour to crack the system, taking advantage of an unpublished security flaw in OS X - one of many, according to the administrator. "There are virtually loads of them, both in the kernel and in userland," he said. He is familiar with the flaw gwerdna used, but doesn't intend to disclose it to Apple or anyone else, he said.

Though a fan and heavy user of OS X, the administrator admitted the operating system contains a large number of serious, unpatched flaws that have never been reported to Apple. He said some of these are old BSD Unix bugs that have been patched in BSD but not in OS X, which is based on BSD.

"Whether a bug is reported or not depends entirely on the person who finds it," he said. "Some people who find bugs do report them to the vendor, and some do not. There's really not much to win by reporting a security hole to Apple, or any other vendor for that matter."

Security vendors say the Mac has escaped the widespread security problems that plague Windows largely because of its small market share, rather than because it is inherently secure. The rm-my-mac administrator noted that there are some ways of locking down systems such as BSD or Linux that aren't available for OS X.

However, attackers are getting more interested in the platform. At the recent ShmooCon in Washington D.C., a prominent security researcher found that their Mac had been cracked into, according to a report from SecurityFocus.

The attacker set up a file server on the system, and used information culled from the Mac to contact one of the researcher's friends and brag - but no trace was found as to how the attack had been carried out, the report said.

Last month, two viruses appeared aimed at the Mac platform in the space of a week. Shortly afterward, researchers warned of a bug that could be used to execute malicious code automatically via the Safari browser.

Security researchers have been warning for some time that the Mac isn't as secure as people think, and that Apple isn't responsive or open enough in its approach to the issue.