Security Focus Online posted a brief bug report on a security vulnerability within Mac OS Xis Software Update application. The security hole could allow a malicious application to be installed with root authentication while pretending to be another "official" update from Apple. Root access is a Unix term that refers to having complete control over a computer, and user access to "root" is turned off by default in Mac OS X (see our tutorial on enabling root for more information). From the report:
Mac OS X includes a software updating mechanism "SoftwareUpdate". Software update, when configured by default, checks weekly for new updates from Apple. HTTP is used with absolutely no authentication. Using well known techniques, such as DNS Spoofing, or DNS Cache Poisoning it is trivial to trick a user into installing a malicious program posing as an update from Apple.
Apple frequently releases updates, which are all installed as root. Exploiting this vulnerability can lead to root compromise on affected systems. These are known to include Mac OS 10.1.X and possibly 10.0.X.
An example exploit of this vulnerability is documented and at the current time there is no work around. This vulnerability affects all versions of Mac OS X.