Wednesday, March 25, 2009

Mac OS X Top Target in Browser Beatdown - Security Fix

Hmm… (see the full article for more context-setting)

Both the Firefox and Safari vulnerabilities that he proved were exploited on a Mac OS X system. The German hacker said the latest versions of both Firefox and IE take full advantage of features built in to Windows Vista that make it far more difficult to reliably exploit than on the current version of OS X. Those features, including "data execution prevention" (DEP) and "address space layout randomization," (ASLR) don't appear to be properly implemented between OS X and versions of Safari and Firefox built for that operating system, Nils said.

"It's quite easy to write an exploit for Firefox on OS X compared to Firefox on Vista," he said.

[…]

"It's getting pretty hard to do a lot of this stuff on Windows Vista and Windows 7," Nils said. "Especially when a lot of people who stayed with [Windows XP] switch to Windows 7 because they didn't want Vista, the bad guys may start to figure out they can more easily exploit these bugs more reliably on a Mac."

Mac OS X Top Target in Browser Beatdown - Security Fix

No comments: