By Joris Evers
Posted on ZDNet News: Jun 29, 2006 6:57:00 PM

Attack code that exploits a flaw in Apple Computer's Mac OS X was publicly released Wednesday, increasing the urgency to patch.

The code's arrival comes just a day after Apple made an update available for its operating system. The malicious program takes advantage of a locally exploitable vulnerability in an operating system component called "launchd".

"Attackers may exploit this issue to execute arbitrary code with elevated privileges," Symantec said in a security alert to customers that was updated on Thursday.

On Tuesday, Apple delivered Mac OS X 10.4.7. The operating system update repairs a total of five flaws. Four of them affect both the client and server versions of Mac OS X. The other, in the ClamAV antivirus software, has an impact on the server release.

Apple is recommending that people install all updates when they're issued to keep their software fully up to date, a company representative said Thursday.

"This proof of concept was fixed in Tuesday's Mac OS X 10.4.7 update," the representative said, referring to the ability for the exploit code to run.

The exploit was created by Kevin Finisterre, a security researcher at Digital Munition. Earlier this year, Finisterre created the Inqtana worm, which targets Mac OS X and spreads using an 8-month-old vulnerability in Apple's Bluetooth software. His actions are in part to demonstrate that Apple software is not unbreakable, he has said.

Apple users can download Mac OS X 10.4.7 through Software Update or the standalone installer. Typically, the Mac OS automatically checks for updates once a week.

Separately on Thursday, Apple put out iTunes 6.0.5, an update that it said fixes a security problem that could be used in a denial-of-service attack or let an intruder run code on vulnerable systems.

"The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability," the company said on its security Web site. "Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files."

The iTunes vulnerability affects Mac OS X versions 10.2.8 or later and Microsoft Windows XP and 2000, Apple said.
