On CBS MoneyWatch: The Dumbest Generation: Who Is It?
BNET Business Network:
BNET
TechRepublic
ZDNet
97 TalkBacks

By Joris Evers
Posted on ZDNet News: Jun 29, 2006 6:57:00 PM

Attack code that exploits a flaw in Apple Computer's Mac OS X was publicly released Wednesday, increasing the urgency to patch.

The code's arrival comes just a day after Apple made an update available for its operating system. The malicious program takes advantage of a locally exploitable vulnerability in an operating system component called "launchd".

"Attackers may exploit this issue to execute arbitrary code with elevated privileges," Symantec said in a security alert to customers that was updated on Thursday.

On Tuesday, Apple delivered Mac OS X 10.4.7. The operating system update repairs a total of five flaws. Four of them affect both the client version of Mac OS X. The other, in the ClamAV antivirus software, has an impact on the server release.

Apple is recommending that people install all updates when they're issued to keep their software fully up to date, a company representative said Thursday.

"This proof of concept was fixed in Tuesday's Mac OS X 10.4.7 update," the representative said, referring to the ability for the exploit code to run.

The exploit was created by Kevin Finisterre, a security researcher at Digital Munition. Earlier this year, Finisterre created the Inqtana worm, which targets Mac OS X and spreads using an 8-month-old vulnerability in Apple's Bluetooth software. His actions are in part to demonstrate that Apple software is not unbreakable, he has said.

Apple users can download Mac OS X 10.4.7 through Software Update or the standalone installer. Typically, the Mac OS automatically checks for updates once a week.

Separately on Thursday, Apple put out iTunes 6.0.5, an update that it said fixes a security problem that could be used in a denial-of-service attack or let an intruder run code on vulnerable systems.

"The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability," the company said on its security Web site. "Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files."

The iTunes vulnerability affects Mac OS X versions 10.2.8 or later and Microsoft Windows XP and 2000, Apple said.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 97 Talkback(s)
we're not interested anyway
Y A W N (Read the rest)
Posted by: labarker Posted on: 12/04/06 You are currently: a Guest | | Terms of Use
Disgusting! I HATE HIM!!!  NonZealot | 06/29/06
Who said he hates Apple?  John Zern | 06/29/06
nice one!  eb276 | 06/29/06
Careful!  Wolfie2K3 | 06/29/06
It isn't.  kiddpeat | 06/29/06
i smell a troll  thatxbxtchxnicoll | 06/30/06
oops  thatxbxtchxnicoll | 06/30/06
Better him then ....  deepee912 | 06/30/06
Actually...  cashaww | 06/30/06
You all make me sick.  harrisharris | 07/11/06
we're not interested anyway  labarker | 12/04/06
Symantec wrote this code to sell more of there crap?  Reverend MacFellow | 06/29/06
You obviously have a reading disability.  ShadeTree | 06/29/06
And what's the danger?  Laff | 06/29/06
Welcome to the real world, Apple...  BFD | 06/29/06
I'm going to defend Apple. GASP!!  NonZealot | 06/29/06
Heh.  A_Pickle | 06/29/06
i konw  lemon_mool | 06/29/06
True.  Cayble | 06/29/06
RE: True.  richdave | 07/03/06
Sorry I exaggerated  Cayble | 07/03/06
real world?  st!lborn | 06/29/06
This problem is fixed with the automatc update  MacGeek2121 | 06/29/06
Update and burn  csa0307 | 06/30/06
Alternative to the default updates  lwvirden | 06/30/06
Sage advice  999ad@... | 06/30/06
updates and crashes  Mr_Dave | 06/30/06
Wow, one exploit, how many for MS  GoPower | 06/29/06
Hmm, about that reality check...  Scrat | 06/30/06
Postage Stamp?  ladyirol | 06/30/06
17 years?  3D0G | 06/30/06
I was using Macs back then too  999ad@... | 06/30/06
Burst my bubble?  3D0G | 06/30/06
I don't think anyone will deny that.  999ad@... | 06/30/06
Interesting..  cashaww | 06/30/06
funny  doh123 | 06/29/06
I do not think....  cashaww | 06/30/06
who's going to patch windoze?  Linux Geek | 06/29/06
Apple  st!lborn | 06/29/06
Should stop handing out bad advice...  John Zern | 06/29/06
"Holy COW" , like Phil Rizutto would say .  I'm Ye, the MS SHILL . | 06/29/06
You can run it in an OSX Window with Parallels  MacGeek2121 | 06/29/06
Hmm...  A_Pickle | 06/29/06
Excuse me, but...  3D0G | 06/29/06
Apple = FreeBSD  thatxbxtchxnicoll | 06/30/06
LOL  3D0G | 06/30/06
You bring shame...  yyuko@... | 06/29/06
Here! Here! Well said  Cayble | 06/29/06
Your wasting your time yyuko  Scrat | 06/30/06
Another solution...  3D0G | 06/29/06
iTunes can be used in Linux .  I'm Ye, the MS SHILL . | 07/02/06
You will, you work there  Boot_Agnostic | 06/29/06
Ok...........  Badgered | 06/29/06
No need to "Deal with it"  MacGeek2121 | 06/29/06
Heh..  A_Pickle | 06/29/06
Wrapping a towel around your head will not help...  dav1dsm1th | 06/30/06
Don't panic....  handydan918 | 06/30/06
From A Mac User..  GSavage777 | 06/29/06
From a PC user...  A_Pickle | 06/29/06
Er.. Not to pick nits.. but...  Wolfie2K3 | 06/29/06
Erm...  A_Pickle | 06/30/06
As you have aptly pointed out  999ad@... | 06/30/06
Erm...  A_Pickle | 06/30/06
Erm...  999ad@... | 07/01/06
Graphics isn't that much to ask for.  A_Pickle | 07/01/06
Ahem,  johnfatz@... | 07/01/06
Secure MS PC  30bob1 | 06/29/06
What a load of BS  GoPower | 06/29/06
My experience too  NonZealot | 06/29/06
you keep forgetting...  thatxbxtchxnicoll | 06/30/06
Hardly...  Wolfie2K3 | 06/29/06
Hi, I'm a Windows Administrator  3D0G | 06/30/06
How bizarre!  lwvirden | 06/30/06
How about comparing a version of Windows from this century?  3D0G | 06/30/06
I will take the bait...  cashaww | 06/30/06
Me, too....but, uh...  Feldwebel Wolfenstool | 07/03/06
HAHA!  jeanruss | 06/29/06
"Only" a local privilege elevation.  Resuna | 06/29/06
so now what?  lemon_mool | 06/29/06
Stay up to date and you are  Ken_z | 06/29/06
Does your wife know...  dav1dsm1th | 06/30/06
Actually my wife  Ken_z | 06/30/06
Sounds like  dav1dsm1th | 06/30/06
try downloading the iTunes update...  thatxbxtchxnicoll | 06/30/06
YAWN...  s_gamgee | 06/30/06
Attack a Mac?  Popsprice | 06/30/06
Payback for Contentious, Misleading Ads  Neutrodyne | 06/30/06
Man, you are so illinformed  999ad@... | 06/30/06
Man, you touched on some real issues  Boot_Agnostic | 06/30/06
I've heard all sorts of feedback on the ads  999ad@... | 06/30/06
Feedback from an admitted Apple hater  NonZealot | 06/30/06
Windows In 1984?  MonsterPuppy | 06/30/06
My bad!  NonZealot | 06/30/06
Interesting  999ad@... | 06/30/06
well we all know why pcs are better, right?  obilesk | 07/01/06
Apple Pot Shots??  pirate1313 | 07/03/06
There ya go....SQUARE DINKUM....  Feldwebel Wolfenstool | 07/03/06

What do you think?

advertisement
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here