Code Exploit Released Before Patch For Mac
A malware website released a computer code that is able to exploit one of the fifteen vulnerabilities in Apple's Mac OS X computers. Apple later released the patch on September 29, 2006. The code is designed to exploit the flaws in the core parts of OS X and enables an attacker to acquire extra command over a Mac computer.
The code apparently was written long before the vulnerability was fixed, says Dino Dai Zovi, security researcher of Matasano. Apple gives due credit to Zovi for finding the flaw. According to Zovi the exploit was of a 'zero-day' kind and may have spread before the patch came into existence.
Representatives of Apple didn't return any calls to comment on the problem. Public exploits, which are usual for 'Windows Operating System', are new for OS X. Zovi believes more people are searching for vulnerabilities in Mac OS X.
The flaw has certain characteristics. First, an attacker who exploits this flaw can have remote access to the Mac PC. The risk is high for computers running Mac with servers having remote access facilities. Moreover, a user having constrained access to his system can use the flaw to obtain complete access to the computer. However, the risk pertaining to this exploit is lessened because only a logged-in user can exploit it even if he is logged-in remotely. But since a patch is already present, the issue is reduced in importance.
The publicly released exploit, to some extent, is not very harmful for it shows the way for running 'usr/bin/id' utility that permits a user to acquire full administrator rights to an OS X computer.
The exploit creator, Matthijis van Duin, says that it is possible to use the exploit for anything desired. A miscreant with the least skill can change it to create a root-shell. Zovi agrees that a slightly knowledgeable person could manipulate the code to run a root-shell with all advantages.
Apple has patched the exploit with OS X 10.4.8 upgrade, which is available for download from its website. The OS X design by Mac is to facilitate weekly check for any default security upgrades.
Related article: Chat Bot CyberLover Flirts to Steal Identities
» SPAMfighter News - 07-10-2006