When looking for vulnerabilities or trying to secure a system, the first step is always to consider what parts of the system are exposed to attackers. This exposed part of a system is called the attack surface. In this chapter you will learn to look at the Mac OS X system and determine the code available to attackers, including attackers able to send packets to the system in question (server-side attacks) as well as attackers who can convince a Mac OS X user to connect to them with some piece of software (client-side attacks). Special consideration will be given to applications and pieces of the operating system that are exposed out of the box or by default in Mac OS X.
Searching the Server Side
There are many interesting services and listening ports on Mac OS X Server. Because so few computers in the world are running this operating system, however, this book will stick to looking at the attack surface of the standard Mac OS X.
At the lowest level, Mac OS X processes network traffic. That is to say, there may be bugs lurking in the IP stack in the operating system. Out of the box, Mac OS X consumes TCP, UDP, ICMP, and other types of packets. Since this low-level code is based on FreeBSD, it will probably be tough to find a vulnerability in it, but you never know. Besides the wired protocol stack, there are also the drivers associated with Bluetooth and the wireless card. The associated code was all written by Apple, so perhaps there are vulnerabilities ...