Black Hat: iSec Partners condemns OS X network security

LAS VEGAS: Security firm iSec Partners has declared Apple's OS X Server platform unfit for secure business use owing to the possibility of targeted advanced persistent threat (APT) attacks on Mac systems.

ISec's Alex Stamos said that, while individual Mac systems could be secured, underlying vulnerabilities in the platform’s networking protocol make OS X Server networks easy to compromise.

"Run your Macs as little islands on a hostile network. Once you turn on the administrator stuff, once you install OS X Server, you are toast," he told attendees.

The problem lies in the way OS X networks handle authentication protocols. Researchers explained that the protocols could be harvested and cracked offline with 'brute force' methods.

ISec presented the results of a test in which an Apple network could be breached through a targeted attack on an end-user system. From there, researchers were able to run a local DNS attack to harvest credentials and obtain administrator access to a network and compromise all devices.

"It is just two notches above trivial to escalate your privileges to become an administrator on most Mac networks," said Stamos.

However, iSec praised Apple on advancements in many other areas, saying that, when stacked up with Windows 7 systems, OS Lion matches Microsoft in areas such as local privilege escalation and anti-exploit protection.

Despite recent high-profile outbreaks, Mac OS users have generally been far less prone to malware attacks than their Windows counterparts. But this may actually make Mac users more likely to fall for the targeted techniques used to gain a foothold in APT operations.

"Mac users have been trained to feel safe for a very long time, and Apple’s marketing isn't really helping," said iSec researcher Paul Youn.

"If Stuxnet has taught us anything it is that any system can be infected with malware."