Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Brings Security Holes to the Mac

Posted by pudge on from the okay-that-is-unfair-but-so-are-their-business-practices dept.

eMilkshake writes "There is an MS security bulletin that reads, in part, 'A security vulnerability exists ... because of the method by which Virtual PC for Mac creates a temporary file when you run Virtual PC for Mac. An attacker could exploit this vulnerability by inserting malicious code into the file which could cause the code to be run with system privileges. This could give the attacker complete control over the system.' Guess VirtualPC really brings the Windows experience to the Mac!" An update is available from the Microsoft site. On the flip side: sking writes "Australian IT reports on Microsoft's continuing development for the Mac: 'I just want to thank Apple for providing all those great innovative technologies that let us do what we love best: creating great applications,' gushed head of Microsoft's Macintosh Business Unit Roz Ho."

3 of 76 comments (clear)

  1. Re:Mac virus checker? by hawaiian717 · · Score: 5, Informative
    Norton AntiVirus is still around on the Mac, it is currently at version 9. Network Associates/McAfee also puts out Virex. Apple actually includes Virex as part of a .Mac subscription.

    Looking at the virus definitions, it looks like most of the signatures are for Windows viruses. There are the old Mac and HyperCard viruses that it keeps a look out for as well.

    --
    End of Line.
  2. VPC Vunerabilities Aren't New by Spencerian · · Score: 5, Informative

    Virtual PC emulates the hardware of an actual PC, complete with a video card, Ethernet NIC, a P2 processor, sound card, COM ports, and USB. This allows VPC to run practically any OS (except the old BeOS).

    Because of this, folks, VPC has always been subceptible to malware attacks, particularly in Windows. If you can infect a real PC running Windows, then VPC running the same OS configurution is just as vunerable. Running Linux? Yep, you can get rooted if you don't configure it as you would any other box.

    This new security update isn't very special in itself--it's perhaps that MS detected the vunerability better because it has access to the VPC source since they own the product now. A good question is whether the vunerability is in the virtual machine code or something that makes VPC more vunerable only in an environment running Windows.

    The good news is that infections will only compromise the PC environment(s) in use. The Mac that is running VPC cannot be touched as it is effectively an invisible party to the VPC environments, nor can the Mac be used as a carrier as you can with some e-mail worms.

    Not to say that someone might not try to exploit VPC's ability to use USB devices or its networking processes it shares with a Mac, or options such as shared folders (where a Mac folder is shared to Windows as if it were a networked folder).

    --
    Vos teneo officium eram periculosus ut vos recipero is.
  3. -1, Wrong by BandwidthHog · · Score: 5, Informative

    The hole exists in previous versions of VPC. MS is, somewhat unsuprisingly, only releasing a patch for recent versions.

    Connectix released versions 6.0, 6.0.1 and 6.0.2, and I believe the first MS release was 6.1. Yesterday's MS patches are from 6.0 forward.

    --

    Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?