APE Tool for Apple Patches Is Flawed
A tool used to fix bugs in Apple software has been found to contain a flaw of its own. The group of researchers working on the 'Month of Apple Bugs' (MOAB) project has announced a vulnerability in the tool used to patch flaws in Apple programs. MOAB is publishing one flaw in Apple software applications each day throughout January 2007.
The newly reported vulnerability is in Application Enhancer (APE), a piece of software used to apply run-time patches for the daily-published security bugs in Apple software. The vulnerability enables local attackers to gain root privileges on the computer by replacing or patching APE, thereby allowing a user to compromise the computer.
The author of APE is Unsanity. It is a third-party software product developed to "enhance and redefine" the way applications run on Apple platforms. It loads plug-ins containing executable code into running applications. The MOAB project uses APE to apply run-time fixes for the bugs found by MOAB. When the applications run, the patches load themselves, locate the vulnerable code and apply the remedy.
MOAB issued an advisory about the APE vulnerability asking people to refrain from using Application Enhancer. It warned that APE was flawed and that there were other issues with APE as well: if its authors have placed a binary that runs with root privileges in a user-writable path, they are capable of other undesirable behavior.
Landon Fuller, who led the MOAB project through his open source development and promised to supply fixes for the flaws with the help of the tool, said the bug was merely a proof-of-concept error.
Fuller said in his blog that the vulnerability was real, and that a local administrator on the system could obtain root access without the user's consent by substituting pieces of the APE installation.
The APE flaw cannot be exploited remotely, but combined with a remote exploit it can be used to escalate privileges. Fuller added that it was better to use a vendor-supplied update than a third-party patch. He has devised a temporary way to address the problem rather than a permanent patch.
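The weakness described above, a root-privileged binary installed where a less privileged local account can replace it, is something an administrator can audit for. The script below is an added example, not code from MOAB, Fuller or Unsanity; it assumes the privileged binary is a set-uid file, and the function names and the directory passed on the command line are hypothetical.

```python
import os
import stat
import sys

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits for group and other


def weak_dir(st, privileged_uid):
    """Why a less privileged user could swap entries in this directory, or None."""
    if st.st_uid != privileged_uid:
        return "directory owned by uid %d" % st.st_uid
    if st.st_mode & LOOSE:
        return "directory mode %o is group/world-writable" % stat.S_IMODE(st.st_mode)
    return None


def audit(root, privileged_uid=0):
    """Return (path, reason) for set-uid files owned by privileged_uid that a
    less privileged user could replace or modify somewhere under root."""
    findings = []
    inherited = {}  # directory -> weakness found in an ancestor inside root
    for dirpath, dirnames, filenames in os.walk(root):
        reason = inherited.get(dirpath) or weak_dir(os.lstat(dirpath), privileged_uid)
        for d in dirnames:
            # A weak ancestor lets its whole subtree be renamed and rebuilt.
            inherited[os.path.join(dirpath, d)] = reason
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            runs_privileged = (stat.S_ISREG(st.st_mode)
                               and st.st_mode & stat.S_ISUID
                               and st.st_uid == privileged_uid)
            if not runs_privileged:
                continue
            if reason:
                findings.append((path, reason))
            elif st.st_mode & LOOSE:
                findings.append((path, "file itself is group/world-writable"))
    return findings


if __name__ == "__main__":
    # Scan the directory given on the command line (current directory if none).
    for path, reason in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s: %s" % (path, reason))
```

The check does not account for the sticky bit or for ACLs, and directories above the scanned root are not examined.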
» SPAMfighter News - 16-01-2007