On CNET: 7 essential free apps for PC
BNET Business Network:
BNET
TechRepublic
ZDNet
60 TalkBacks

By Joris Evers
Posted on ZDNet News: Oct 3, 2006 1:25:00 AM

Computer code that exploits a flaw in Apple Computer's Mac OS X was released publicly over the weekend.

The code takes advantage of a weakness in core parts of Mac OS X and could let a person with limited privileges gain full access to a system. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.

"It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher at Matasano Security, who was credited by Apple with discovering the flaw. "It appears to be a zero-day exploit." He added that it may even "have been distributed before the patch was released."

Indeed, a Dutch student named Matthijs van Duin claims he found the bug and crafted the exploit in November last year. He did not call attention to the exploit, but did store it in a public directory online to share it with a few people, Van Duin told CNET News.com. Symantec and the French Security Incident Response Team, or FrSIRT, issued alerts about the attack code over the weekend, but the exploit appears to have gone unnoticed by security monitoring companies before that.

"I didn't release it at such," Van Duin said in an interview via e-mail. "I just put it in a directory to show it to a few people...I was trying to figure out why the kernel code that was obviously meant to plug this vulnerability was present, but disabled. Then I had more urgent stuff to do, the vulnerability ended up on the bottom of my 'to do' list."

Apple representatives did not immediately return calls for comment.

Public exploits, while common for Microsoft's Windows, are a rarity for Mac OS X. "More people are (now) looking for vulnerabilities in Mac OS X," Dai Zovi said.

The vulnerability could be exploited by a local attacker or someone with privileges to remotely log on to a machine. Macs that are used by multiple people, as well as servers with remote access capabilities, are most at risk, experts said. A person with limited privileges could exploit the flaw to possibly gain full system access.

"The risk presented by this exploit is limited by the fact that it can only be exploited by a logged-in user, although the user may also be logged in remotely," Dai Zovi said. "The issue is also mitigated by the fact that a patch has already been released."

The patch is available on Apple's Web site.

Mac OS X, by default, checks for updates weekly, which means most Mac OS X systems will not be vulnerable much longer.

The exploit as it was publicly released does not do anything destructive; instead it runs the "/usr/bin/id" utility to show that a person enjoys full administrator privileges.

"I can then make it do anything I want," Van Duin said. "An ill-intended person with at least some skill could modify it to spawn a root shell."

Dai Zovi agreed with van Duin, saying that a knowledgeable user can easily replace or modify the exploit payload to run a full-access root shell.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 60 Talkback(s)
Of course you can.
People have been building custom macs for years now... Do a google search for hackintosh - see what you find.... (Read the rest)
Posted by: peterlav Posted on: 11/20/06 You are currently: a Guest | | Terms of Use
"Appears" to have been written before the patch?  Ken_z | 10/02/06
It is a good thing  Qbt | 10/02/06
making people think . . .  brian ansorge | 10/02/06
You are safe...  Qbt | 10/02/06
Oh gawd [rolling eyes] . . . here we go again  brian ansorge | 10/02/06
arketshare  galileon | 10/02/06
According to all the research ...  ShadeTree | 10/03/06
"these here internets are for the big boys..."  rafe01 | 10/03/06
Internets?!  Rocketdude | 10/03/06
Awesome!  tic swayback | 10/03/06
such a dumb argument...  doctorSpoc | 10/03/06
A myth. I agree.  xuniL_z | 10/03/06
Not so......  Laff | 10/03/06
"can only be exploited by a logged-in user"  georgep_z | 10/03/06
*** for Tat  wjkahlssmd@... | 10/03/06
Some of that MIGHT have been valid pre MacTels and Parallels or boot camp  Laff | 10/03/06
Not So Fast  wjkahlssmd@... | 10/03/06
Just as fast... (OT)  Fred Fredrickson | 10/03/06
Neck and Ankle  wjkahlssmd@... | 10/03/06
Hmmmm I guess I was considering the NEXT or upgrae purchase  Laff | 10/03/06
fast  wacho | 10/03/06
OEM Licenses of XP are only good valid for the box ...  ShadeTree | 10/03/06
I would like someone to try and get back to me.  Laff | 10/03/06
Easy to get back to you.  ShadeTree | 10/04/06
Jsut talked to one of my PC guy...  Laff | 10/04/06
Good luck with that P2P activation key.  ShadeTree | 10/04/06
A lot but not all?  Laff | 10/04/06
not a fair comparison...  doh123 | 10/03/06
Unfortunately Apple does not offer stripped down models  MacGeek2121 | 10/04/06
People are just tinkering and learning  Boot_Agnostic | 10/03/06
Another Problem - Now with OSuX  jpr75_z | 10/03/06
Let me ask you this then  Shelendrea | 10/03/06
My Beemer . . .  brian ansorge | 10/03/06
What gets me the most about these ignorant MS shills .  I'm Ye, the MS SHILL . | 10/03/06
If you had looked before you posted ...  ShadeTree | 10/03/06
So is it really as simple as being black and white?  Laff | 10/03/06
Look in the mirror ...  ShadeTree | 10/03/06
I do look in the mirror and find it hard to pull away...such a good  Laff | 10/03/06
I don't find men that attractive but ...  ShadeTree | 10/04/06
Perhaps..but for the life of me I don't see myself as being  Laff | 10/04/06
Depends  rapson | 10/03/06
Oops  rapson | 10/03/06
Good one...  Laff | 10/03/06
Advertising exploits apparantly has it's effects...  BitTwiddler | 10/03/06
Silly local privilege escalation  RealNonZealot | 10/03/06
Sigh. I guess Mac coddles users too much  wolf_z | 10/04/06
Microsoft prays for "exploits" this benign!  Userama | 10/03/06
Never mind the facts - I'm a Mac user  TonyMcS | 10/03/06
Ah but the real quesion is can one be MORE secure?  Laff | 10/03/06
who cares...  doctorSpoc | 10/03/06
Hilarious!!  NonZealot | 10/03/06
Sounds like a...  Rick_K | 10/04/06
Security is only relative  ken_ballard@... | 10/04/06
Only to a certain degree  NonZealot | 10/03/06
Nope choice is fine by me...  Laff | 10/04/06
Try building a custom Mac from scratch  ken_ballard@... | 10/04/06
Of course you can.  peterlav | 11/20/06
Problem at Zdnet is  Boot_Agnostic | 10/04/06
And with 10 seconds of "s/w Update" time from the Finder menu  Dr_T | 10/03/06
Local root exploit? I'm sure there's a number of them.  Resuna | 10/04/06

What do you think?

advertisement
advertisement
Click Here

White Papers, Webcasts, and Downloads

  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More