It’s not often that you find cool new things in highly technical computer security books. Usually they compile relevant information, tie it together, and make some marginal improvements. I’ve been working through the “Mac Hacker’s Handbook” and have been quite surprised with just how good it is. The authors are first rate so I’m not surprised that it’s good, but they demonstrate techniques to exploit a Mac that still work and real-world exploits that are just a few months old.
A year or so ago, I skipped Dowd’s talk on exploiting IE because IE itself wasn’t of particular interest to me. Not to linger on that too much, but at the time IE exploits were popping all the time. They used heap sprays and were 25-50% reliable in my experience… I was using phishing attacks that were 40+ percent reliable, so it wasn’t my thing. I was more likely to get lucky with phishing, and if I needed an exploit I could just wait until next week. What I missed was truly unfortunate, as the talk walked through 10 years of exploiting the heap and went into working techniques (at the time). I’m not a Mac hacker yet, but the clear working code presented in “The Mac Hacker’s Handbook” is useful for any security professional and should be a must-read for exploit guys.
I hope to get a more complete review down the road, but I’m really digging through the book so I can speak more thoughtfully on the topic. Until then, I’d still recommend the purchase.
As to the title of this post, it appears generic heap overwrites are still workable on the Mac.