Snitches get stitches: Little Snitch bugs were a blessing for malware

Now-patched kernel-level flaw in OS X app firewall will be revealed this week


DEF CON A vulnerability in popular OS X security tool Little Snitch potentially granted malicious applications extra powers, undermining the protection offered by the software.

Little Snitch reports in real time the network traffic entering and leaving your Apple computer, and can block unauthorized connections. It is a handy application firewall that reveals the information flowing out of your system and which processes are the sources of those packets.

Unfortunately, it was trivial for a malicious app to bypass Little Snitch's network monitoring mechanisms, says security researcher Patrick Wardle.

Wardle is a former NSA staffer who heads up research at infosec biz Synack. He also discovered a heap overflow bug in Little Snitch's kernel extension, which could be exploited by an already installed application to run code in the kernel and so escalate its privileges to administrator level via the security software that was supposed to be watching it.

This kernel-mode vulnerability will be the main focus of an upcoming presentation by Wardle on Little Snitch at the DEF CON hacker gathering in Las Vegas this week. He will also demonstrate how programs could silently disable Little Snitch's network filtering, and how an Apple bug fix made this previously unexploitable kernel bug exploitable on OS X 10.11.

Little Snitch tricked ... A slide from Patrick Wardle's forthcoming talk

Little Snitch is built by Austrian firm Objective Development Software. Wardle said its developers fixed the kernel-level flaw with the release of Little Snitch 3.6.2 without acknowledging his discovery. Pedro Vilaça aka osxreverser also found low-level bugs in Little Snitch that could be exploited to crash the Mac, or disable or bypass the network filtering: these were fixed in version 3.6.4, which was released last month.

Highlighting and pushing for improvements in Apple's malware defenses has been a major focus of Wardle's research efforts for more than three years – you can find a bunch of his file-system security tools here.
