Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Warning; your Mac could get Raped!
- Thread starter Scarlet Fever
- Start date
- Sort by reaction score
In his bog?
Yeah, i noticed that as well. The preef rooder must have taken a day off
(spelling mistakes intentional)
yes apple is relly quite good at patches for software holes.. i think 10.4.10 might have already fixed it
GO APPLE!!!!!!!
In his bog?
back into the bog.
It is interesting though that a POC for mac is a huge crisis, but all the Windows based viruses go with out notice. Maybe PC viruses are like Paris Hilton, no one cares anymore, to much over-exposer.
My understanding is that the "researcher" hasn't proved the viability of the attack outside of his/her lab yet. Until he/she does, I'm inclined to think he/she's just blowing smoke.
I'm all for an OS X worm, who knows, maybe it'll quiet all the "OS X IS INVINCIBLE!" types and all the haters can stop thinking that every Mac user is a smug SOB.
I'm all for an OS X worm, who knows, maybe it'll quiet all the "OS X IS INVINCIBLE!" types and all the haters can stop thinking that every Mac user is a smug SOB.
I dont know if 10.4.10 is still vulnerable, but it is possible to disable mdns (Bonjour) with the opensource app "lingon".
http://lingon.sourceforge.net/
Go to the tab "System Daemons" and disable "com.apple.mDNSResponder".
Im not 100% sure if this fixes the hole, but the text says "Using a currently undisclosed vulnerability in mDNSResponder..." so this might be right.
Bonjour related stuff (Printers, ichat, the adium bonjour plugin...) wont work when mdnsResponder is deactivated.
Be careful, if you mess with other system daemons you might wreck your system, i cannot guarantee that it closes the hole since i have no samples of the worm.
Maybe someone who has more Information about Bonjour could confirm this
http://lingon.sourceforge.net/
Go to the tab "System Daemons" and disable "com.apple.mDNSResponder".
Im not 100% sure if this fixes the hole, but the text says "Using a currently undisclosed vulnerability in mDNSResponder..." so this might be right.
Bonjour related stuff (Printers, ichat, the adium bonjour plugin...) wont work when mdnsResponder is deactivated.
Be careful, if you mess with other system daemons you might wreck your system, i cannot guarantee that it closes the hole since i have no samples of the worm.
Maybe someone who has more Information about Bonjour could confirm this
Well it has already been patched and it doesn't affect 10.3 downwards then this really is a non issue. However there might be useful information contained within it that apple could use to further lock down the system.
it's awesome how a POC gets media attention, while 114,000 viruses last year for PCs gets nothing
Or more likely - most PC users are already using various virus protection programs while OS X users go around nekkid. 1000 new viruses pop-up for the PC and most machines will be pretty safe. 1 new virus pops-up for OS X and how many of us will go down in flames - I know that I will.
What a POC does is remind people that there is a place for those protections on every system and the end-user needs to weigh the costs and benefits of running those apps.
from here
it's awesome how a POC gets media attention, while 114,000 viruses last year for PCs gets nothing
of those 114,000 viruses how many where trogins (OSX is fairly easy to hit with a trojin since it uses user stupidity to get into the computer), how many where just variation of an older virus that been around for years.
And I would like to point out that when MSBlaster hit the web it used a security hole that was patch months before hand. If you haven't noticed Microsoft no longer release what holes it has patch because people where taking that information and figuring out how to exploit the hole that would be in an unpatched system.
here is my question. why would you want them to test it outside of the lab. The lab is self contained and will not let the worm get out in the open world. Once it gets out in the open it will spread very quickly and be impossible to contain.
it says 10.4.10 is vulnerable...
Vulnerable: Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
http://www.securityfocus.com/bid/24924
Vulnerable: Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
http://www.securityfocus.com/bid/24924
Wow, it's about time, but it's all for good cause, he's giving it to Apple so they can fix the system. As for that one Apple fan boy... he's way too extreme... and foolish... and uninformed.
Running currently existing virus protection programs on your Mac would be useless against this worm since it didn't exist when they were created.
It's actually an example of how insecure PC users can be about the whole virus issue, to the extent that they feel the need to write a worm/virus for other platforms because they're annoyed with how smug the users of other platforms are.
Being insecure has nothing to do with it.
Being sick of smug Mac users, absolutely.
You're right - but the point is that under the current distribution system, if there was a worm, we would need Apple to release a specific patch for it and wait for people to get it from software update - not the best method for fire control. I have software update set to run weekly, so I wouldn't get it anyway for quite a while. Virus protection systems should catch unknowns more easily as a result of dedicated distribution systems and their inherent design is to look for things that look suspicious.
Am I saying that the worm would be stopped right away? No. Just that it might get caught, quarantined, and squashed a bit more quickly. Should people be running software from those companies? I say that the FUD they produce and performance hit outweighs the inherent security of OS X - so no. But, this POC is a reminder that we aren't invulnerable and we should at least remember that virus protection is out there.
i do sincerely apologise. Next time I make a thread warning people of the inevitable security holes Mac OS X has, I'll also put a picture of some nice fluffy kittens or a link to a flash game, so you can continue to live in ignorance.
seriously mate, if you don't have anything remotely constructive to say, don't bother saying it. For a start, you could tell me why this is the most. boring. thread. ever.