The Mac Observer

Skip navigational links

Choose text size: Select small text. Select medium text. Select large text.

DealsOnTheWeb Daily Deal: OneCall's Weekend Sale - 20 Great Items at Great Prices All Weekend Long

Mac OS X Security Risk Published

by , 9:10 AM EDT, June 30th, 2006

Proof of concept information about a potential security flaw in Mac OS X has been released, elevating the need for Tiger users to install the Mac OS X 10.4.7 update. According to ZDNet, the flaw, which takes advantage of a vulnerability in the launchd system component, was one of the fixes included with Apple's latest system update that was released earlier this week.

An Apple spokesperson commented "This proof of concept was fixed in Tuesday's Mac OS X 10.4.7 update."

The launchd proof of concept was created by Kevin Finisterre, a security researcher at Digital Munition, and requires local access to a Mac instead of Internet access. The security flaw could allow someone to execute code on your Mac with higher privileges that the logged in account allows.

So far, there are no known reports of anyone using the launchd proof of concept information to develop an exploit for Mac OS X.

Observer Comments

Show: Subjects Only | Full Comments
Close Name:Dean Lewis Posts: 156 Joined: 29 Sep 2001
Fri Jun 30, 2006 9:47 am Subject:

One day these people might actually produce a virus or trojan or even a proof of a concept of one for something Apple hasn't already patched.

Until then, still no virus trouble for our Mac OS X. They just HATE that.


 Reply | Quote
Close Name:geoduck Posts: 1721 Joined: 30 Dec 2003
Fri Jun 30, 2006 10:49 am Subject:

Proof of concept information was published that utilizes a vulnerability that was patched a couple of days before. They're getting closer to something significant, but not there yet.


 Reply | Quote
Close Name:hangtown Posts: 109 Joined: 03 Dec 2005
Fri Jun 30, 2006 11:28 am Subject:

AND requires local access to the machine.

Still not overly significant, even if it were more than a concept.


 Reply | Quote
Close Name:Ibn Rushd Posts: 51 Joined: 16 May 2006
Fri Jun 30, 2006 12:20 pm Subject: Schools

Quote
hangtown wrote:
AND requires local access to the machine.

Still not overly significant, even if it were more than a concept.


I could see it being a problem in a school situation with their student accessible networks. I am glad that Apple got the fix out before the published vulnerability.


 Reply | Quote
Close Name:murlyn Posts: 10 Joined: 30 Nov 2004
Fri Jun 30, 2006 5:52 pm Subject: Reminder

Just a reminder to everyone that most vulnerabilities are not published until a fix has been released. It's in consideration for the company that has the vulnerability. They go through a process of first notifying the company of the vulnerability. The company then fixes said vulnerability and then the company/person that found the vulnerability usually has first rights to publish the vulnerability at that time which is a thank you nod from the vulnerable company for notifying them first and not all the hackers out there.

Problems, big problems arise when company/people notify the public first about the vulnerability, or only wait a little time after notifying the vulnerable company to notify the public. This puts a lot more people at risk then if they would have kept quiet until the company fixed the problem and released a patch.

Ok that was confusing, but hopefully it's clear enough to make the point.


Reply | Quote
Close Name:horvatic Posts: 99 Joined: 27 Jun 2003
Sat Jul 01, 2006 12:32 am Subject:

Looks like Apple almost beat this story before it even got out as Apple has already patched this concept with 10.4.7 update. I guess Symantec won't be selling much OSX antivirus software this week.


 Reply | Quote
Comment on this Article

Show:   comments per page.   Save Settings
Guest Posts Hidden. View Them.
Back to top  Page 1 of 1    

You cannot edit your comments.   You cannot delete your comments.
Log in | Register | Having Problems? Reset TMO Cookies & Try Again
Username:   Password:   Log me on automatically each visit   

You are not logged in, and this post will appear as "Guest." Log in with your username and password from the TMO forums. If you do not have a username, you can register here.
Please note that guests are limited to including a maximum of two URLs per post.

Post A Comment
  Subject


  Your Comments



Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.

Recent Headlines - Updated Friday, July 4th, 2008

Fri., 7:30 AM
Happy Fourth of July!
Thu., 4:50 PM
Apple Slashes $400 from SSD Drive in MacBook Air
4:05 PM
It's Official - Firefox Sets Guinness Record for Downloads
3:30 PM
Apple Files Patent for a Multi-touch Gesture Language
2:20 PM
Editorial - Mac's Market Share and the Cascade Failure of Windows
1:35 PM
iPodObserver - Apple Slurps Up Samsung's NAND Flash for iPhone 3G
1:05 PM
WSJ: Tips for Switching from Windows to Mac
12:05 PM
iPodObserver - Google Intros Google Talk for iPhone
11:35 AM
iPO Just a Thought - iPod nano Versus iPhone: Decisons, Decisions...
10:55 AM
YouTube Ordered to Turn Over All User Records to Viacom
10:10 AM
Hot Forum Topic - Apple vs. Cell Carriers: Who's Winning the Game
9:25 AM
iPodObserver - Rumor: Best Buy, Radio Shack to Sell iPhone 3G
8:45 AM
.Mac Bookmark Sync Deadline Extended to July 6
8:10 AM
Adobe Reader 9 Hits the Streets
 

The Mac Observer Reader Specials
  • Special Report: WWDC 2008
  • Special Report: iPhone
  • __________
  • Help TMO Grow
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!
  • New Media Expo 2008

Apple Stock Quote

  • AAPL: $170.12. Change Today: +1.94.
  • (Prices delayed up to 20 minutes.)
  • Discuss in our Apple Finance Board

Hot Topics

What's the buzz? These articles have TMO readers talking.

Apple iTunes

Top Deals From DealsOnTheWeb