Apple has recently patched a bug that finds its origins 20 years ago when the iMac G3 was released in 1998 as Apple’s first Internet iMac, thanks to vulnerability researcher and co-founder of the mobile firewall maker Guardian, Joshua Hill.
Hill first discovered the bug back in 1999 when he was only 12. He owned a Mac Performa at the time, and to get online, he needed a modem, which he traded a holographic Han Solo trading card with his friend for. The bug basically allowed an attacker to gain full access and control of any Mac machine, and Hill found out about the exploit when he was using an Apple service called Remote Access, which allowed you to control your computer from a phone or another computer remotely without the need of any password. The hack was achieved using a common method of attack called a buffer overflow.
20 years on, Hill realized while he was studying the current Mac OS that much of the old modem configurations still form the foundation of the network tools in Mac operating systems today. Applying a slightly modified modern revamp of his old hack, the vulnerability researcher was able to recreate the exploit and gain access to other Macs with full root access. He shared his findings with the world, and Apple subsequently patched the 20-year-old bug this April. Hill, on the other hand, continues his quest to unearth more hidden bugs: “I love vulnerabilities. Every time I find a new one it feels like you found a piece of a puzzle on the floor you lost weeks ago. Many people ask me how to find exploits. I want to show them.”