Where’s my shellcode?

With some of the recent exploits discovered affecting Mac OS X, I’ve found myself wondering where all the shellcode for Intel Macs is. I last looked into this over twelve months ago, and found nothing but PPC payloads, and a few patched BSD x86 ones.

So what’s changed in the past twelve months? Err, not a lot. Remote 0days are few and far between for Mac OS X (well, compared to Win32 anyway), but when they do come along – it’s all proof-of-concept stuff with no practical application, which makes pen testing near impossible. Whilst Apple are usually pretty quick to plug this sort of stuff, automatic updates in OS X aren’t nearly as in-your-face as Microsoft Windows’, for example. Just last week I had a client using 10.3.7! Perhaps Leopard will improve on this, as long as they don’t take too many pages out of Microsoft’s book.