DealsOnTheWeb Daily Deal: OneCall's Weekend Sale - 20 Great Items at Great Prices All Weekend Long
Security Researcher Issues Proof of Concept For OS X Attack Code
by , 3:45 PM EDT, June 29th, 2006
Security researcher Kevin Finisterre, who earlier this year created the Inqtana worm that targets Apple's Bluetooth code in Mac OS X, on Wednesday issued a proof of concept for another vulnerability in the operating system.
According to CNET: "The code takes advantage of a locally exploitable vulnerability in an operating system component called 'launchd.' 'Attackers may exploit this issue to execute arbitrary code with elevated privileges,' Symantec said in a security alert to customers that was updated on Thursday.
The article noted that Mr. Finisterre's intent is to show Apple where flaws lie in its operating system. He works for Digital Munition, whose Web site features a page that details the new flaw, which he said was introduced in Mac OS X v10.4 "Tiger."
Observer Comments
"Work Around:
Install 10.4.7 update
http://www.apple.com/support/downloads/"
"The article noted that Mr. Finisterre's intent is to show Apple where flaws lie in its operating system."
IMNotSoHO: Mr. Finisterre's intent is to help try to justify the continued existence of antivirus software research, on the Mac platform, which is, so far, devoid of real threats by damaging malware.
For years, I have been hearing that 'If Macs really become popular, then they will gain the attention of those who write viruses, and then you Mac users will have to shut up and accept that the Mac OS isn't really any more secure than Windows."
Well, if anything was going to goad malware developers into targeting Mac OS X, I think that Apple publicly and loudly flaunting the lack of Mac viruses would be just the ticket. Apple has been thumbing their noses, thusly, at viruses for more than a month, and this news is the closest thing to a real threat we have? oh... no... eek...
Oh, and as coaten was kind enough to point out, the problem has ALREADY BEEN FIXED. Yeah, I'm worried. BWA HA HA HA HA!!!
QuoteMOSiX Man wrote:
"The article noted that Mr. Finisterre's intent is to show Apple where flaws lie in its operating system."
IMNotSoHO: Mr. Finisterre's intent is to help try to justify the continued existence of antivirus software research, on the Mac platform, which is, so far, devoid of real threats by damaging malware.
For years, I have been hearing that 'If Macs really become popular, then they will gain the attention of those who write viruses, and then you Mac users will have to shut up and accept that the Mac OS isn't really any more secure than Windows."
Well, if anything was going to goad malware developers into targeting Mac OS X, I think that Apple publicly and loudly flaunting the lack of Mac viruses would be just the ticket. Apple has been thumbing their noses, thusly, at viruses for more than a month, and this news is the closest thing to a real threat we have? oh... no... eek...
Oh, and as coaten was kind enough to point out, the problem has ALREADY BEEN FIXED. Yeah, I'm worried. BWA HA HA HA HA!!!
I believe that we are very secure, and I am currently not worried. However, no OS is perfect, sooner or later some jerk is going to find our Achilles heal. At least Apple seems to be very quick in plugging the few problems that we had have.
So this guy writes code that "could" attack OS-X and posts it to "show Apple where flaws lie in its operating system". How is that different from someone who writes a Windows Virus like Sober and posts it on the net "to show where the flaws lie in Windows". I mean I can understand wanting to see these things fixed but posting them for anyone to exploit seems irresponsible at least.
When the very first incarnation of iDisk was started by Apple I noticed what looked to me to be a security risk. I sent a quiet message to Apple and noticed that within a few days it had been fixed. No muss, no fuss, and no blowing my own horn. This seems to smack more of "hey look at how smart I am" rather than an honest interest in improving the security of OS-X.
Had he previously notified Apple quietly? The story does not make it clear. It is entirely possible that he specifically held off on releasing the proof-of-concept code until Apple had released the fix. That is a responsible thing to do.
That said, a local exploit is hardly news. Unix has always been notorious for them (Windows hardly has a better track record). What would be significant is a remote exploit on a default (or reasonably forseeable) installation.
QuoteIbn Rushd wrote:
I believe that we are very secure, and I am currently not worried. However, no OS is perfect, sooner or later some jerk is going to find our Achilles heal. At least Apple seems to be very quick in plugging the few problems that we had have.
I agree that Mac OS X is not perfect, and is not immune to security issues. But, while I think that somebody will eventually find and exploit chinks in its armor, I think that is a whole lot different than finding 'our Achilles heal'.
I also feel that Apple has the upper hand, much more so than Microsoft, when it comes to security issues, and will always be more proactive and responsive to such security issues.
Recent Headlines - Updated Friday, October 10th, 2008
- Fri., 7:00 PM
- iPO Free on iTunes - Clone Wars, Spaceballs, Silverman, And More
- 5:15 PM
- John Hodgman Hosts SPAMasterpiece Theater
- 4:05 PM
- CNET: Apple's New Notebooks Had Better be Pretty
- 2:00 PM
- Analyst: AAPL Has Hit Rock Bottom
- 12:55 PM
- Ballmer: Macs Don't Get the Full MS Office, Don't Work in Business
- 11:15 AM
- DocHaven 3 Adds Project History, More
- 10:35 AM
- iPodObserver - iPod touch Wins T3 Gadget of the Year Award
- 10:05 AM
- Hot Forum Topic - Apple's Special Laptop Event
- 9:40 AM
- FileWave 3.6 Improves File Distribution Support
- 9:10 AM
- Apple to Replace Defective MacBook Pro Video Chips
- 8:45 AM
- iPO Just a Thought - iPhone Whine and Cheese
- 8:15 AM
- Billings 3 Gets a $20 Price Cut
- 7:40 AM
- QuickerTek Unveils Apple Juicz Charger for MacBook Pro
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
- OWC: OWC Mercury On-The-Go FW400/800/USB2/eSATA Portables High Performance A/V Rated, **Bus Powered** **Up to 500GB in the Palm of your Hand** Macworld Editor's Choice, CNET 'Very Good' - from $75.99!
New MacPro Memory 800Mhz With Apple Spec Heat Sink 2GB $88 / 4GB $138 / 8GB $274 - Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
RamJet Memory: Mac Pro FB-DIMMs: 2Gig kit $95, 4Gig Kit $179, 8Gig Kit $355! MacBook 2Gig Kit $78, 4Gig Kit $149! Click hereFor the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
LA ComputerCompany's Apple Care Deals - Starting from $55.00 
iPod Replacement Batteries from $6.00 
Micro (R/C) Remote Control Helicopter: $13.99 Delivered 
Panasonic DMP-BD30K Blu-ray Disc Player: $259.99 Delivered 
Garmin nuvi 270 Portable GPS System w/ 3.5" LCD Touch Screen & Preloaded Maps: $179.99 Delivered - $10 Drop 
