News

Researcher discovers bug hidden in Mac OS for two decades

When Apple launched a whole array of new features with Mac OS 9 in 1999, they called it ‘the best internet operating system ever.’

At the time, the 12-year-old Joshua Hill only had an old Mac Performa, so he was in dire need of a modem that he could plug into this device via one of its ‘serial’ ports. He swapped his trading card with a buddy for a 56k modem and began experimenting. And 20 years later, what he found helped him to discover a modem configuration flaw that had been hidden in Apple’s Mac OS for all these years….and was only fixed in April 2019.

Joshua, who today is a vulnerability researcher, presented evidence of the two-decades-old bug at the Sea Mac security conference this weekend. The bug could potentially have granted an attacker persistent remote root access to any Mac computer. The upside, Hill says, is that it only works on specific generations of Mac OS and OS X and that Apple started introducing protections about three years ago with macOS Sierra.

He doesn’t actually think it’s such a huge deal. He was just playing around and discovered that he could use a feature called Remote Access to call into his buddy’s Mac remotely and, as he describes it, ‘have some fun.”

Although Remote Access is no longer part of macOS, in 2017, while he was doing research for Guardian, he stumbled on a very old bug that could be used to replicate a similar effect. He found that the same old modem configurations still underpinned modern Macsand that it could be used by a hacker in much the same way.

He says: “It’s very bad programming practice, but this is very, very old code.”

Apple failed to comment on his discovery.

Tags

About the author

Chris

I've been a passionate evangelist for Apple and the Macintosh throughout my working life, my first love was a Quadra 605 working with a small creative agency in the south of Norfolk UK in the mid 1990's, I later progressed to other roles in other Macintosh dominated industries, first as a Senior graphic designer at a small printing company and then a production manager at Guardian Media Group. As the publishing and printing sector wained I moved into Internet Marketing and in 2006 co-founded blurtit.com which grew to become one the top 200 visited sites in the US (according to Quantcast), at its peak receiving over 15 million visits per month. For the last ten years I have worked as an Affiliate and Consultant to many different business and start ups, my key skill set being online marketing, on page monetisation, landing page optimisation and traffic generation, if you would like to hire me or discuss your current project please reach out to me here.

You can also follow me on: and

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.