The Year of The OS X Exploit

In an interesting report, Security Focus's Robert Lemos talks about OS X security.

The big story is how, at the recent ShmooCon hacking conference, one security researcher suffered an attack from a unknown assailant, who took control of the researcher's computer, disabling the firewall and starting up a file server. That computer was an Apple PowerBook running the latest version of Mac OS X.

"The victim, a security researcher who asked to remain anonymous, had locked down the system prior to the conference and believes that a previously unknown exploit caused the compromise. However, in the following weeks, forensics performed on the system did not reveal any clues as to how the PowerBook had been compromised," Lemos reports.

To sum it up, the PowerBook, owned by an anonymous researcher, was attacked by an unknown attacker, using unknown methods… Shocking.

"'The machine was as hardened as best practices could suggest for anyone,' the researcher said. The person who breached the PowerBook used information gathered from the computer to contact a friend of the researcher and bragged about the compromise. 'This was not a subtle hack,' the researcher stressed," Lemos continues.

Much like something out of a Agatha Cristie book, only this time Poirot is nowhere to be found because someone stole his hat which was securely attached to his head at the time of the leaving of the house, this story tends to remain just that, since there are no actual facts to it. The equation is made up of a mass of unknown factors but the result is crystal clear: OS X is not safe.

"This is almost certainly the year of the OS X exploit," Lemos quotes Jay Beale, senior security consultant, Intelguardians.

The words 'almost' and 'certainly' do go well together, and they make ever so much sense in a prediction, as does 'the' cleverly inserted before 'year'. Very ominous.