Researcher Says Intel Macs Could Invite More Exploits

OS X includes features that make it a target for malware, and the Intel-based Macs may be even more vulnerable than their PowerPC predecessors, according to security researcher Kevin Finisterre, who created the three recent versions of InqTana, a proof-of-concept worm that spreads through a vulnerability in the Bluetooth feature of OS X.

"I honestly think that the general "script kiddie" crowd is more familiar and comfortable on an Intel processor versus a PowerPC," said Finisterre. Simply moving from the 4-byte instructions that PowerPCs use to the 1-byte instructions Intel processors use lowers the bar for exploits, he added.

Certain techniques that couldn't be used on PowerPC Macs, such as exploiting unicode-based buffers, are commonly used to target Intel-based machines, said Finisterre.

When activated, the Inqtana worm scans for other Bluetooth-enabled devices and tries to transmit itself wirelessly to other machines. Finisterre alerted Apple of the vulnerability last month.

The XD security technology embedded in newer Intel processors could make the Intel-based Macs less vulnerable to exploits, said Finisterre. XD – which stands for Execute Disable -- blocks viruses by rendering certain types of code non-executable. "If Apple makes proper usage of [XD], this could make things a little different with regards to exploitation," he said.

An Apple spokesperson confirmed that XD is activated in all Intel-based Macs.

Inqtana is one of several recent OS X security issues. Last month, researchers discovered a hole in the Safari browser that could provide an entry point for malware, and a Trojan Horse that spreads through iChat instant messaging software. In January, four critical security vulnerabilities were identified in the Apple QuickTime and iTunes applications.

Michael Oh, president of Boston based Tech Superpowers, says Apple has taken a proactive approach to security and has quickly issued patches for each exploit. Although he doesn't feel that Intel-based Macs will necessarily be more of a target for malware, Oh says new applications developed in the Intel architecture could open the door for cross-platform attacks.

For example, if a Mac were running Windows applications through a virtual PC with access to the hard drive and shared resources of the Mac, it would be possible to deposit code and destroy data on the OS X side, said Oh. "There's a double-edged sword aspect to making these machines Windows compatible," Oh said.

As the Mac's market share grows, there will be more attempts to target OSX with worms and viruses, says George Swords, marketing manager for PowerMacPac, an Apple reseller in Portland, Ore. "OSX has been pretty bulletproof for a while, but there will be potential for future attacks and it will behoove people to be more vigilant," said Swords.

David Salav, president of Webistix, a Holbrook, N.Y.-based solution provider and Apple partner, advocates using a firewall, antivirus software, and server software from Cryptocard, a Kanata, Ontario-based vendor of two factor authentication software.

Combined with an OS X server with the latest patches installed, this combination provides a high level of redundant security, according to Salav. "If someone gets through all of that, they will be the genius we’ve never met," he said.