New Mac OS X Memory Injection Attack Presented
By Peter James
About a month ago, we reported that “a security researcher has found a new way to attack Macs by injecting hostile code directly into memory, rather than by installing files that leave traces.” The researcher, Italian student Vincenzo Iozzo, has presented this vulnerability at the Black Hat conference. (You can see a PDF of his presentation here.)
It is important to note that such attacks cannot currently obtain administrator privileges, and can therefore only affect a user’s files (though if an attack deletes files, that could be annoying enough for anyone who does not perform regular backups). But such an attack may allow the recording of keystrokes, including passwords, that could be sent to a remote server. The attack currently requires exploiting vulnerabilities in Safari, which is fast becoming one of the weak points of Mac OS X.