Recently a reader nicked as 'hip' sent me the URL to an evil crapware file entitled 'iMac_Sux.dmg'. Here is his full message with the exclusion of the URL for downloading the file:
Wanna crash an iMac?I am not providing the URL in order to avoid being accused of distributing the thing.
Just mount this .dmg file, then have a look at what MassStorageCamera is doing.
It will be consuming all RAM and processors!!
Thank you 'hip'! I checked out the website where the file is located and enjoyed it. I particularly enjoyed the page quotations from The Hipcrime Vocab by Chad C. Mulligan. The insights are refreshing after living amidst the Neo-Con-Job / Tea Party / FuxNews / News Corp / Rupert Murdock Regime gibberish age within the USA where intelligent thoughts and verifiable facts are out of fashion.
I ran the .dmg and it did exactly as expected, without crashing my MacBook 2 GHz from 2006-11. It also auto-opened the 'CameraWindow' application that I installed for my Canon camera. I checked through the code within the .dmg and am going to 'guestimate' that the resource scripting near the end is instructing Mac OS X to treat the entire boot volume as a camera image volume. I was too bizy and lazy to dig further.
Clearly this is a very simple call being made within the .dmg that fools Mac OS X into thinking the opening .dmg volume is a camera. Fascinating. The fault of course is in MassStorageCamera for being allowed to eat your Mac alive. As I've pointed out previously, even Intego's VirusBarrier application has race condition bugs.
I'm not at all surprised that Apple missed the bug inherent in the 'iMac_Sux.dmg' file. I can easily see them being aware of it and tossing it on the back burner if only because it does not represent a security or major crashing problem. Similar CPU and RAM devouring buggy code has been around for many years. What sucks most is when system calls can crash the entire computer. Not having an iMac around to play with, I can't verify that this file crashes the machine. But I am going to guess that with current Intel iMacs it does not.
Dr. Charlie Miller and Dino Dai Zovi have the current best Mac hacking & cracking & pwning etc. book available for Mac OS X entitled 'The Mac Hacker's Handbook'. Both of them have Twitter accounts to follow. Both are very amusing to read. Dr. Miller is brilliant at coming up with methods for testing and breaking into Mac OS X. This past spring he won yet another Pwn2Own contest. He gave a presentation at Black Hat this last week where, among other things, he revealed yet-another security hole in Adobe Acrobat and Reader.
Here is a fun interview with Dr. Miller from March:
CONCLUSION: Expect security holes. Expect coding errors. There is no such thing as a perfect coder. There is no such thing as a perfect application or operating system.
I'll also add my usual coda: The only people I've ever heard or read saying that 'Macs never have security problems' are either NEWBIES or TROLLS. One of course never takes seriously the word of either of these species of human. It is well worth keeping track of Mac security. It is also well worth sorting out Mac security FUD from FACT.
BTW: Considering all of the above, what are the chances that humans will ever create Turing Test verifiable Artificial Intelligence? Not in my lifetime! No SkyNet worries.