Author Topic: Vulnerabilities in Mac OS 9  (Read 3444 times)

Offline rwbaskette

  • Member
  • Posts: 3
  • new to the forums
Vulnerabilities in Mac OS 9
« on: October 19, 2016, 06:13:57 PM »
Hello all, new guy here.

I was wondering if anyone had an idea on where you could find a list of known vulnerabilities for Mac OS 9.

The CVE database only goes back as far as 1999, and it doesn't appear there were many to begin with.

http://www.cvedetails.com/product/155/Apple-Mac-Os.html?vendor_id=49

I though it might be fun to see if they were patch-able


Offline rwbaskette

  • Member
  • Posts: 3
  • new to the forums
Re: Vulnerabilities in Mac OS 9
« Reply #2 on: October 25, 2016, 01:00:16 PM »
Thanks for posting those resources.

The "Maximum Security" book looked interesting, but Google has decided it would rather not show me the actual pages.

It is somewhat comforting to know that there aren't many at the operating system level floating out there.

The applications are a whole other matter. I'm not sure where to start with that list other than "Classilla is probably as patched as it gets"

Offline Custos

  • Veteran Member (100+ Posts)
  • ****
  • Posts: 123
Re: Vulnerabilities in Mac OS 9
« Reply #3 on: October 19, 2019, 09:08:23 PM »
Has anyone actually been able to perform any legit exploits? Would seem that most hackers would have long forgot about os9 and any of it's vulnerabilities.
"A mistake is only an error. It only becomes a mistake when you fail to correct it."  -John Lennon

Offline IIO

  • Platinum Member (500+ Posts)
  • *****
  • Posts: 2304
  • new to the forums
Re: Vulnerabilities in Mac OS 9
« Reply #4 on: October 19, 2019, 11:10:55 PM »
there are about 36 malsoftware for MacOS, of which 6 or 7 can cause actual harm. the newest one is from 2001. :)

all trojans i know are systemextensions, which can be removed by removing the systemextension. all file infectors i know can be "repaired" using norton so you dont loose any files. good old times....
"It is true that the "pre-emptive multitasking" advantage present in OS X can be illustrated by downloading CD-ROM ISOs and rendering chaos theory formulas while simultaneously instant messaging and posting on FaceBook what you ate... but in reality, what did you create?"
- DieHard, random forum troll at macos9lives.com

Offline Custos

  • Veteran Member (100+ Posts)
  • ****
  • Posts: 123
Re: Vulnerabilities in Mac OS 9
« Reply #5 on: October 20, 2019, 04:30:08 AM »
There was a certain disk iso floating around "DAW stuff" when installing a few things I had to remove some system extensions. I've suspected someone purposely snuck something in there considering every time I've messed with it problems would arise. I don't trust anything that's free to be brutally honest.
"A mistake is only an error. It only becomes a mistake when you fail to correct it."  -John Lennon

Offline IIO

  • Platinum Member (500+ Posts)
  • *****
  • Posts: 2304
  • new to the forums
Re: Vulnerabilities in Mac OS 9
« Reply #6 on: October 20, 2019, 09:34:19 AM »
yes - but run norton with final 2006 update while unstuffing & booting and all is good.
"It is true that the "pre-emptive multitasking" advantage present in OS X can be illustrated by downloading CD-ROM ISOs and rendering chaos theory formulas while simultaneously instant messaging and posting on FaceBook what you ate... but in reality, what did you create?"
- DieHard, random forum troll at macos9lives.com

Offline Daniel

  • Gold Member (200+ Posts)
  • *****
  • Posts: 269
  • Programmer, Hacker, Thinker
Re: Vulnerabilities in Mac OS 9
« Reply #7 on: October 20, 2019, 12:45:59 PM »
There's likely all sorts of possible exploits. I have no idea about network based ones (except for really weak encryption), but it is hard to see how the Driver Descriptor Map and Resource Compression could possibly be made secure.

One runs code from a newly inserted disk and the other runs code in the resource file itself to decompress other resources (this can be used to run code the moment a resource fork is opened with the Resource Manager).

Those are less vulnerabilities and more features working as intended without any attention paid to security at all.

Even with antivirus there are so many ways to get full access. Does norton scan the 'krnl' resource in the System File which is used to update the NanoKernel on Old World Macs? Does it scan Apple CPU Plugins? Both are very obscure pieces of code that get run in PowerPC supervisor mode, where they can do anything.

Offline Custos

  • Veteran Member (100+ Posts)
  • ****
  • Posts: 123
Re: Vulnerabilities in Mac OS 9
« Reply #8 on: October 20, 2019, 01:22:17 PM »
Someone gaining root access is the least of my worries. I don't allow any of my os9 machines to have internet access. 110 that really cleared a lot up for me. I've had suspicions about this for a few years now with little time to address it.
"A mistake is only an error. It only becomes a mistake when you fail to correct it."  -John Lennon

Offline IIO

  • Platinum Member (500+ Posts)
  • *****
  • Posts: 2304
  • new to the forums
Re: Vulnerabilities in Mac OS 9
« Reply #9 on: October 20, 2019, 03:09:58 PM »
i think one could say that something like "root" doesnt exist in MacOS9.

MacOS9 is always in "admin" - not higher or lower.  (that includes the socalled "user" system, which is a joke.)

trojans like backorifice are system extensions and you can only install it willingly. it would let me shut down your machine if i know your IP, but not touch any files, because OS9 doesnt really have an interface or shell for controlling the system.

perl or flash might have additional backdoors, but nobody uses this. :)
"It is true that the "pre-emptive multitasking" advantage present in OS X can be illustrated by downloading CD-ROM ISOs and rendering chaos theory formulas while simultaneously instant messaging and posting on FaceBook what you ate... but in reality, what did you create?"
- DieHard, random forum troll at macos9lives.com

Offline IIO

  • Platinum Member (500+ Posts)
  • *****
  • Posts: 2304
  • new to the forums
Re: Vulnerabilities in Mac OS 9
« Reply #10 on: October 20, 2019, 03:21:36 PM »
Even with antivirus there are so many ways to get full access. Does norton scan the 'krnl' resource in the System File which is used to update the NanoKernel on Old World Macs? Does it scan Apple CPU Plugins?

i didnt mean to hijack the original thread topic, but a potential vulnerability is not equal to the existence of real danger in the form of a malware.

20 years ago about 100 times more people than today were using this OS - including the military, airports, the police ... and there was no such thing as you describe.

or at least we dont know. :)

beside 666 and a few nasty worms, which some idiots spreads across public sites back in the days, every other potential risk is in my opinion "too theoretical to bother about."

when i say this, i presuppose that everyone who does serious work on OS9 - and also downloads files from untrusted sources on the same machine - that he uses norton to scan new files.

i also presuppose that people always make backups of important files.

a harddisk failure or a burglary is far, far more likely than the appearance of a new malware for OS9.
"It is true that the "pre-emptive multitasking" advantage present in OS X can be illustrated by downloading CD-ROM ISOs and rendering chaos theory formulas while simultaneously instant messaging and posting on FaceBook what you ate... but in reality, what did you create?"
- DieHard, random forum troll at macos9lives.com

Offline Custos

  • Veteran Member (100+ Posts)
  • ****
  • Posts: 123
Re: Vulnerabilities in Mac OS 9
« Reply #11 on: October 20, 2019, 04:21:45 PM »
Theft? I feel bad for anyone attempting that one 😆. Been considering updating everything to SSD. There are some projects I would prefer to keep around for as long as possible.
"A mistake is only an error. It only becomes a mistake when you fail to correct it."  -John Lennon