Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Archive > Archives of Old Posts > MacBytes.com News Discussion

 
 
Thread Tools Search this Thread Display Modes
Old Oct 2, 2006, 09:38 PM   #1
hagjohn
macrumors 6502
 
Join Date: Aug 2006
Location: Pennsylvania
Exploit released for Mac OS X flaw

Exploit released for Mac OS X flaw
By Joris Evers
Staff Writer, CNET News.com
Published: October 2, 2006, 6:25 PM PDT

Computer code that exploits a flaw in Apple Computer's Mac OS X was released over the weekend.

The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.

"It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. "It appears to be a zero-day exploit and may have been distributed before the patch was released."

Apple representatives did not immediately return calls for comment.

Public exploits, while common for Microsoft's Windows, are a rarity for Mac OS X. "More people are looking for vulnerabilities in Mac OS X," Dai Zovi said.

read rest of article at the link below...

Source: news.com
__________________
MacBook (week 38): 2.0Mhz, 120GB HD, 2GB
Desktop: AMD FX-6300 w/ H60 Cooler, Extreme3 990FX, 16GB 1866, R6850, SH103S3 SSD, Windows 8 x64
iPhone 4S, iPad Mini, Shuffle2 1GB, TV3
hagjohn is offline   0
Old Oct 2, 2006, 09:46 PM   #2
iMeowbot
macrumors 601
 
iMeowbot's Avatar
 
Join Date: Aug 2003
That sure was nice of them to hang on to the program until after the patch was released.

This particular bug required the attacker to already have a non-privileged account on the machine. This isn't something that any old random attacker could exploit. Places like school labs would have been vulnerable, but not your average home machine.
iMeowbot is offline   0
Old Oct 2, 2006, 10:17 PM   #3
beatsme
macrumors 65816
 
beatsme's Avatar
 
Join Date: Oct 2005
Quote:
Originally Posted by hagjohn
Public exploits, while common for Microsoft's Windows, are a rarity for Mac OS X. "More people are looking for vulnerabilities in Mac OS X," Dai Zovi said.
it's only a matter of time, really. Someone industrious enough will figure out a way to corrupt OSX by exploiting an existing vulnerability. I'm inclined to think that the only reason it hasn't happened yet is because of the complexity of UNIX, which must seem pretty daunting to your average hacker kid.
beatsme is offline   0
Old Oct 2, 2006, 10:49 PM   #4
bousozoku
Moderator emeritus
 
Join Date: Jun 2002
Location: Gone but not forgotten.
It's good that they got it fixed. Now, they need to get to the other one in the kernel.

I wonder if anyone will use the exploit on machines loaded with Jaguar.
bousozoku is offline   0
Old Oct 2, 2006, 10:54 PM   #5
tvguru
macrumors 6502
 
Join Date: Apr 2005
Location: Kenora, ON Canada
As long as exploits are released after the patch I have no problems with them. It'll be a sad day when one gets released before there is a patch, but oh well the world will continue to turn.
tvguru is offline   0
Old Oct 2, 2006, 11:16 PM   #6
MacBytes
macrumors bot
 
Join Date: Jul 2003
Exploit released for Mac OS X flaw




Category: Mac OS X
Link: Exploit released for Mac OS X flaw
Description:: none

Posted on MacBytes.com
Approved by Mudbug
MacBytes is offline   0
Old Oct 2, 2006, 11:27 PM   #7
scottlinux
macrumors 6502a
 
Join Date: Sep 2005
Not a threat.

Quote:
"The risk presented by this exploit is limited by the fact that it can only be exploited by a logged-in user, although the user may also be logged in remotely," Dai Zovi said. "The issue is also mitigated by the fact that a patch has already been released."
scottlinux is offline   0
Old Oct 2, 2006, 11:27 PM   #8
SC68Cal
macrumors 68000
 
Join Date: Feb 2006
But this was already patched, was it not? I think the CNET article noted that.

To the above poster. It is a threat. Any sort of priv. escalation is a threat because you can probably get a rogue process that is spawned by a logged in user (Like Oompa Loompa) to start an escalated priv. shell in the background
SC68Cal is offline   0
Old Oct 3, 2006, 12:00 AM   #9
mduser63
macrumors 68040
 
mduser63's Avatar
 
Join Date: Nov 2004
Location: Salt Lake City, UT
Send a message via AIM to mduser63
It has already been patched, and it's only usable by a user that already has access to the machine.

Nothing to see here...
mduser63 is offline   0
Old Oct 3, 2006, 01:55 AM   #10
nagromme
macrumors G4
 
nagromme's Avatar
 
Join Date: May 2002
SOMETHING to see here, but not much

Too many cries of Wold. Like the infamous iChat exploit that most "journalists" conveniently failed to mention could only spread over LAN, not over Internet.
nagromme is offline   0
Old Oct 3, 2006, 05:51 AM   #11
hagjohn
Thread Starter
macrumors 6502
 
Join Date: Aug 2006
Location: Pennsylvania
Quote:
Originally Posted by iMeowbot
That sure was nice of them to hang on to the program until after the patch was released.
quote from the article... "Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then."
__________________
MacBook (week 38): 2.0Mhz, 120GB HD, 2GB
Desktop: AMD FX-6300 w/ H60 Cooler, Extreme3 990FX, 16GB 1866, R6850, SH103S3 SSD, Windows 8 x64
iPhone 4S, iPad Mini, Shuffle2 1GB, TV3
hagjohn is offline   0
Old Oct 3, 2006, 06:30 AM   #12
SPUY767
macrumors 68000
 
SPUY767's Avatar
 
Join Date: Jun 2003
Location: GA
Ahhh, one of my favorite tales, The Boy Who Cried Wold.
__________________
Yo' mama's so STUPID, she went to Bangkok to get a TIE Fighter.
SPUY767 is offline   0
Old Oct 3, 2006, 07:23 AM   #13
Lollypop
macrumors 6502a
 
Join Date: Sep 2004
Location: Johannesburg, South Africa
Send a message via AIM to Lollypop Send a message via MSN to Lollypop Send a message via Yahoo to Lollypop Send a message via Skype™ to Lollypop
Just out of interest sake, ssh is disabled by default in a mac right?

My worry is that a lot of mac users dont really update their mac software the day Software Update informs them of it but ye... nothing much to see here
__________________
What do you get when u cross a nun with apple? A computer that will never go down on you!!
Lollypop is offline   0
Old Oct 3, 2006, 09:19 AM   #14
SiliconAddict
macrumors 601
 
SiliconAddict's Avatar
 
Join Date: Jun 2003
Location: Chicago, IL
Quote:
Originally Posted by Lollypop
Just out of interest sake, ssh is disabled by default in a mac right?

My worry is that a lot of mac users dont really update their mac software the day Software Update informs them of it but ye... nothing much to see here
The problem is that SU only runs once a week. Or I think that is the default. Could be wrong though. And as mentioned this exploit appears to have appeared PRIOR to the patch being released.
Exploits like this don't concern me. Wake me when OS X is susceptible to a worm.
__________________
-iPod Video 160GB
-MacBook Pro Core 2 Duo 2.33Ghz/3GB RAM/250GB

-Newton 4700 (a.k.a iPaq 4700)
-Dell 2405FPW 24" Widescreen
SiliconAddict is offline   0
Old Oct 3, 2006, 09:22 AM   #15
nodabs
macrumors regular
 
Join Date: Sep 2006
Location: PA
Dell probably hired people to attempt to hack OS X in order to stop the Apple marketing campaign... haha
nodabs is offline   0
Old Oct 3, 2006, 10:25 AM   #16
whooleytoo
macrumors 603
 
whooleytoo's Avatar
 
Join Date: Aug 2002
Location: Cork, Ireland.
Send a message via AIM to whooleytoo
Is that really an "exploit"? Given that it's benign, I'd have called it just a "proof of concept". (maybe I'm just arguing semantics..)
__________________
Mac <- Macintosh <- McIntosh apples <- John McIntosh <- McIntosh surname <- "Mac an toshach" <- "Son of the Chief"
whooleytoo is offline   0
Old Oct 3, 2006, 10:44 AM   #17
nagromme
macrumors G4
 
nagromme's Avatar
 
Join Date: May 2002
Quote:
Originally Posted by SPUY767
Ahhh, one of my favorite tales, The Boy Who Cried Wold.
Sorry. Typo. I meant Mold.
nagromme is offline   0
Old Oct 3, 2006, 11:47 AM   #18
Earendil
macrumors 68000
 
Earendil's Avatar
 
Join Date: Oct 2003
Location: Washington
This is personally my favorite part:

Quote:
Dai Zovi agreed with van Duin, saying that a knowledgeable user can easily replace or modify the exploit payload to run a full-access root shell
.

So, let's take all the Macs out there.
Now take out all the Macs that have only a single account on them.
Now take out all the Macs who's alternate user knows nothing about unix.

How many are we left yet? Now make sure that those who know Unix can actually "easily" make this work, and also eliminate all the unix gurus who are decent human beings.
(btw, we are hedging bets here that there is a main user without the knowledge to update their system, who has a 2nd user who: has less privledges, knows unix, and is evil)

Exactly how many people are we left with?

So someone could get screwed because their son/daughter is a genious, it's okay, he'll grow up to be a bright CS major (or a hacker).

Until it can either
A: spread over the internet automatically, or
B: any idiot can figure out the hack
I'm not going to be all that worried.

~Tyler
__________________
Current: MacMini 2ghz / iPod Touch 2g / iPhone 4g
Retired: Alum Powerbook 1.25ghz / 4gb iPod Mini

"ooo! They have the internet on computers now!" - Homer J. Simpson
Earendil is offline   0
Old Oct 3, 2006, 11:48 AM   #19
Earendil
macrumors 68000
 
Earendil's Avatar
 
Join Date: Oct 2003
Location: Washington
Quote:
Dai Zovi agreed with van Duin, saying that a knowledgeable user can easily replace or modify the exploit payload to run a full-access root she
ll

I think I'm going to go down to main street and yell "a thousand dollars to the first one to tell me what a root shell is!!" and just see if I lose any money...
__________________
Current: MacMini 2ghz / iPod Touch 2g / iPhone 4g
Retired: Alum Powerbook 1.25ghz / 4gb iPod Mini

"ooo! They have the internet on computers now!" - Homer J. Simpson
Earendil is offline   0
Old Oct 3, 2006, 01:42 PM   #20
Eraserhead
macrumors G4
 
Eraserhead's Avatar
 
Join Date: Nov 2005
Location: UK
Quote:
Originally Posted by SiliconAddict
The problem is that SU only runs once a week. Or I think that is the default.
I think it is, it should go daily IMO.
__________________
If they have to tell you every day they are fair you can bet they arent, if they tell you they are balanced then you should know they are not - Don't Hurt me
Eraserhead is offline   0
Old Oct 3, 2006, 02:24 PM   #21
ZLMarshall
macrumors newbie
 
Join Date: May 2006
Quote:
Originally Posted by Earendil
So, let's take all the Macs out there.
Now take out all the Macs that have only a single account on them.
Now take out all the Macs who's alternate user knows nothing about unix.

How many are we left yet? Now make sure that those who know Unix can actually "easily" make this work, and also eliminate all the unix gurus who are decent human beings.
(btw, we are hedging bets here that there is a main user without the knowledge to update their system, who has a 2nd user who: has less privledges, knows unix, and is evil)
Not the concern. The more accounts a computer has, the more chances someone will "lose" their password or have it stolen. So that dummy 2nd user isn't individually a concern, it's the world of hurt they open your poor mac up to when they use the same password on 45 different accounts (mail, chat, amazon, YOUR COMPUTER) and then start telling friends.

Or almost as bad, people (I know some) who have NO password on their Mac for some users, or the password 'pass.'

Never worry about the people you *know* have access to your computer. Worry about the people you didn't know had access, but know how to
rm -rf *
ZLMarshall is offline   0
Old Oct 3, 2006, 02:43 PM   #22
bousozoku
Moderator emeritus
 
Join Date: Jun 2002
Location: Gone but not forgotten.
Quote:
Originally Posted by hagjohn
quote from the article... "Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then."
Authored does not mean distributed.
bousozoku is offline   0
Old Oct 3, 2006, 02:50 PM   #23
sahnert
macrumors 6502
 
Join Date: Oct 2003
Location: Seattle
Quote:
Originally Posted by Earendil
So, let's take all the Macs out there.
Now take out all the Macs that have only a single account on them.
Now take out all the Macs who's alternate user knows nothing about unix.

How many are we left yet? Now make sure that those who know Unix can actually "easily" make this work, and also eliminate all the unix gurus who are decent human beings.
(btw, we are hedging bets here that there is a main user without the knowledge to update their system, who has a 2nd user who: has less privledges, knows unix, and is evil)

Exactly how many people are we left with?

So someone could get screwed because their son/daughter is a genious, it's okay, he'll grow up to be a bright CS major (or a hacker).

Until it can either
A: spread over the internet automatically, or
B: any idiot can figure out the hack
I'm not going to be all that worried.

~Tyler
IMHO this is a good summation of how worried most people should be.
sahnert is offline   0
Old Oct 3, 2006, 04:18 PM   #24
shadowfax
macrumors 601
 
shadowfax's Avatar
 
Join Date: Sep 2002
Location: Houston, TX
Send a message via AIM to shadowfax
I think that this can be a significant concern to people who would never be concerned--specifically, people who are so unconcerned as to put weak (as in, admin, 123, pass, etc...) passwords on their user accounts...

The only place an exploit like this could be a major threat is in an environment where the root account gives access to other accounts that maybe have information on them or access to compromise other computers on the network (like a workplace network). This is definitely insignificant, being that the hack is only as good as the computer whose user (unprivileged or no) you have the password for.

Properly, that makes it an exploit--it's just too bad that a lot of the people that read an article like that won't realize that you can't write self-propagating viruses/worms with most exploits--certainly not this one--and so there is no concern unless you are being specifically targeted by an organization/person with some computer know-how....
shadowfax is offline   0
Old Oct 3, 2006, 06:31 PM   #25
FoxyKaye
macrumors 68000
 
FoxyKaye's Avatar
 
Join Date: Jan 2004
Location: Oakland, Terre d'Ange, Bas Lag, Gallifrey
Quote:
Originally Posted by Lollypop
My worry is that a lot of mac users dont really update their mac software the day Software Update informs them of it...
Does anyone have any idea how many OS X users connect to the internet via modem rather than broadband? I often wonder about this when Apple's updates start going over 10-12MB each in size - for example, try downloading the 10.4.8 update on a 56K modem. The sheer size of Apple's updates could also be a reason why a certain percentage of OS X users don't update.
__________________
Core i7/1.7 8GB 13" 2013 MBA | Core i7/2.66 8GB 17" 2010 MBP | 64GB iPhone 5s
Chaos is a ladder... The climb is all there is.
FoxyKaye is offline   0


 
MacRumors Forums > Archive > Archives of Old Posts > MacBytes.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
thread Thread Starter Forum Replies Last Post
Mac OS Lion dev. 3 bug -BigMac- Mac OS X 10.7 Lion 0 May 8, 2011 06:39 AM
Shiira 1.0 released for Mac OS X 10.4 MacBytes MacBytes.com News Discussion 6 Apr 29, 2005 06:45 AM
Bittorrent 3.3 released for Mac OS X MacBytes New Mac Application Announcements 4 Oct 30, 2003 12:41 AM


All times are GMT -5. The time now is 05:32 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC