Exploit released for Mac OS X flaw

By Joris Evers, CNET News.com
Tuesday, October 03, 2006 09:43 AM

Computer code that exploits a flaw in Apple Computer's Mac OS X was released over the weekend.

The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.

"It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. "It appears to be a zero-day exploit and may have been distributed before the patch was released."

Apple representatives did not immediately return calls for comment.

Public exploits, while common for Microsoft's Windows, are a rarity for Mac OS X. "More people are looking for vulnerabilities in Mac OS X," Dai Zovi said.

The vulnerability could be exploited by a local attacker or someone with privileges to remotely log-on to a machine. Macs that are used by multiple people as well as servers with remote access capabilities are most at risk, experts said. A user with limited privileges could exploit the flaw to possibly gain full system access.

"The risk presented by this exploit is limited by the fact that it can only be exploited by a logged-in user, although the user may also be logged in remotely," Dai Zovi said. "The issue is also mitigated by the fact that a patch has already been released."

MacOS X by default checks for updates weekly, which means most Mac OS X systems will not be vulnerable much longer.

The exploit as it was publicly released does not do anything destructive; instead it runs the "/usr/bin/id" utility to show that the user enjoys full administrator privileges.

"I can then make it do anything I want," said Matthijs van Duin, creator of the exploit. "An ill-intended person with at least some skill could modify it to spawn a root shell."

Dai Zovi agreed, a knowledgeable user can easily replace or modify the exploit payload to run a full-access root shell, he said.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

A look at the Terminal Services Manager in Windows Server 2008

Windows Server

Terminal Services Manager has been around for a while, but Microsoft made some changes to the utility in Windows Server 2008. Here's what you'll find.


Read more »



Open source blog reloaded!

Blog thumbnail

This is with great pleasure that this "little corner of the Web" is resuming activities through another member of the (now famous ;-)) Beijing Linux User Group (BLUG) doing the..... by Fred Muller

Read more »

Tags

  1. attack
  2. authentication and encryption
  3. blog
  4. data security
  5. e - mail
  6. google inc.
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. symantec corp.
  19. viruses and worms
  20. web