Exploit released for Mac OS X flaw

Discussion in 'MacBytes.com News Discussion' started by hagjohn, Oct 2, 2006.

  1. macrumors 6502

    Joined:
    Aug 27, 2006
    Location:
    Pennsylvania
    #1
    Exploit released for Mac OS X flaw
    By Joris Evers
    Staff Writer, CNET News.com
    Published: October 2, 2006, 6:25 PM PDT

    Computer code that exploits a flaw in Apple Computer's Mac OS X was released over the weekend.

    The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.

    "It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. "It appears to be a zero-day exploit and may have been distributed before the patch was released."

    Apple representatives did not immediately return calls for comment.

    Public exploits, while common for Microsoft's Windows, are a rarity for Mac OS X. "More people are looking for vulnerabilities in Mac OS X," Dai Zovi said.

    read rest of article at the link below...

    Source: news.com
     
  2. macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #2
    That sure was nice of them to hang on to the program until after the patch was released.

    This particular bug required the attacker to already have a non-privileged account on the machine. This isn't something that any old random attacker could exploit. Places like school labs would have been vulnerable, but not your average home machine.
     
  3. macrumors 65816

    beatsme

    Joined:
    Oct 6, 2005
    #3
    it's only a matter of time, really. Someone industrious enough will figure out a way to corrupt OSX by exploiting an existing vulnerability. I'm inclined to think that the only reason it hasn't happened yet is because of the complexity of UNIX, which must seem pretty daunting to your average hacker kid.
     
  4. Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #4
    It's good that they got it fixed. Now, they need to get to the other one in the kernel.

    I wonder if anyone will use the exploit on machines loaded with Jaguar.
     
  5. macrumors 6502

    Joined:
    Apr 29, 2005
    Location:
    Kenora, ON Canada
    #5
    As long as exploits are released after the patch I have no problems with them. :) It'll be a sad day when one gets released before there is a patch, but oh well the world will continue to turn.:p
     
  6. macrumors bot

    Joined:
    Jul 5, 2003
    #6
  7. macrumors 6502a

    scottlinux

    Joined:
    Sep 21, 2005
    #7
    Not a threat.

     
  8. macrumors 68000

    Joined:
    Feb 23, 2006
    #8
    But this was already patched, was it not? I think the CNET article noted that.

    To the above poster. It is a threat. Any sort of priv. escalation is a threat because you can probably get a rogue process that is spawned by a logged in user (Like Oompa Loompa) to start an escalated priv. shell in the background
     
  9. macrumors 68040

    mduser63

    Joined:
    Nov 9, 2004
    Location:
    Salt Lake City, UT
    #9
    It has already been patched, and it's only usable by a user that already has access to the machine.

    Nothing to see here...
     
  10. macrumors G5

    nagromme

    Joined:
    May 2, 2002
    #10
    SOMETHING to see here, but not much :)

    Too many cries of Wold. Like the infamous iChat exploit that most "journalists" conveniently failed to mention could only spread over LAN, not over Internet.
     
  11. thread starter macrumors 6502

    Joined:
    Aug 27, 2006
    Location:
    Pennsylvania
    #11
    quote from the article... "Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then."
     
  12. macrumors 68000

    SPUY767

    Joined:
    Jun 22, 2003
    Location:
    GA
    #12
    Ahhh, one of my favorite tales, The Boy Who Cried Wold.
     
  13. macrumors 6502a

    Lollypop

    Joined:
    Sep 13, 2004
    Location:
    Johannesburg, South Africa
    #13
    Just out of interest sake, ssh is disabled by default in a mac right?

    My worry is that a lot of mac users dont really update their mac software the day Software Update informs them of it :eek: but ye... nothing much to see here :D
     
  14. macrumors 603

    SiliconAddict

    Joined:
    Jun 19, 2003
    Location:
    Chicago, IL
    #14
    The problem is that SU only runs once a week. Or I think that is the default. Could be wrong though. And as mentioned this exploit appears to have appeared PRIOR to the patch being released.
    Exploits like this don't concern me. Wake me when OS X is susceptible to a worm.
     
  15. macrumors regular

    Joined:
    Sep 11, 2006
    Location:
    PA
    #15
    Dell probably hired people to attempt to hack OS X in order to stop the Apple marketing campaign... haha :D
     
  16. macrumors 603

    whooleytoo

    Joined:
    Aug 2, 2002
    Location:
    Cork, Ireland.
    #16
    Is that really an "exploit"? Given that it's benign, I'd have called it just a "proof of concept". (maybe I'm just arguing semantics..)
     
  17. macrumors G5

    nagromme

    Joined:
    May 2, 2002
    #17
    Sorry. Typo. I meant Mold.
     
  18. macrumors 68000

    Earendil

    Joined:
    Oct 27, 2003
    Location:
    Washington
    #18
    This is personally my favorite part:

    .

    So, let's take all the Macs out there.
    Now take out all the Macs that have only a single account on them.
    Now take out all the Macs who's alternate user knows nothing about unix.

    How many are we left yet? Now make sure that those who know Unix can actually "easily" make this work, and also eliminate all the unix gurus who are decent human beings.
    (btw, we are hedging bets here that there is a main user without the knowledge to update their system, who has a 2nd user who: has less privledges, knows unix, and is evil)

    Exactly how many people are we left with?

    So someone could get screwed because their son/daughter is a genious, it's okay, he'll grow up to be a bright CS major (or a hacker).

    Until it can either
    A: spread over the internet automatically, or
    B: any idiot can figure out the hack
    I'm not going to be all that worried.

    ~Tyler
     
  19. macrumors 68000

    Earendil

    Joined:
    Oct 27, 2003
    Location:
    Washington
    #19
    ll

    I think I'm going to go down to main street and yell "a thousand dollars to the first one to tell me what a root shell is!!" and just see if I lose any money...
     
  20. macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #20
    I think it is, it should go daily IMO.
     
  21. macrumors newbie

    Joined:
    May 15, 2006
    #21
    Not the concern. The more accounts a computer has, the more chances someone will "lose" their password or have it stolen. So that dummy 2nd user isn't individually a concern, it's the world of hurt they open your poor mac up to when they use the same password on 45 different accounts (mail, chat, amazon, YOUR COMPUTER) and then start telling friends.

    Or almost as bad, people (I know some) who have NO password on their Mac for some users, or the password 'pass.'

    Never worry about the people you *know* have access to your computer. Worry about the people you didn't know had access, but know how to
    rm -rf *
     
  22. Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #22
    Authored does not mean distributed.
     
  23. macrumors 6502

    Joined:
    Oct 20, 2003
    Location:
    Seattle
    #23
    IMHO this is a good summation of how worried most people should be.
     
  24. macrumors 603

    shadowfax

    Joined:
    Sep 6, 2002
    Location:
    Houston, TX
    #24
    I think that this can be a significant concern to people who would never be concerned--specifically, people who are so unconcerned as to put weak (as in, admin, 123, pass, etc...) passwords on their user accounts...

    The only place an exploit like this could be a major threat is in an environment where the root account gives access to other accounts that maybe have information on them or access to compromise other computers on the network (like a workplace network). This is definitely insignificant, being that the hack is only as good as the computer whose user (unprivileged or no) you have the password for.

    Properly, that makes it an exploit--it's just too bad that a lot of the people that read an article like that won't realize that you can't write self-propagating viruses/worms with most exploits--certainly not this one--and so there is no concern unless you are being specifically targeted by an organization/person with some computer know-how....
     
  25. macrumors 68000

    FoxyKaye

    Joined:
    Jan 23, 2004
    Location:
    San Francisco, Terre d'Ange, Bas Lag, Gallifrey
    #25
    Does anyone have any idea how many OS X users connect to the internet via modem rather than broadband? I often wonder about this when Apple's updates start going over 10-12MB each in size - for example, try downloading the 10.4.8 update on a 56K modem. The sheer size of Apple's updates could also be a reason why a certain percentage of OS X users don't update.
     

Share This Page