OS X Attack Code Released, and iTunes AAC Security Vulnerability Patched

Discussion in 'MacRumors News Discussion (archive)' started by MacRumors, Jun 29, 2006.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]

    According to News.com, security researcher Kevin Finisterre at Digital Munition has released "attack code" to the public that can locally exploit the launchd daemon.

    The code affects Mac OS 10.4.0 - 10.4.6 (excluding the recently released 10.4.7 and 10.3.x). The same researcher also created a proof-of-concept Bluetooth exploiting worm earlier this year. According to News.com, his actions are in part to show that Apple software is not unbreakable.

    Also mentioned in the article is that iTunes 6.0.5 is quietly patching an AAC parsing flaw.


    Digg this story
     
  2. macrumors 6502a

    dizastor

    Joined:
    Dec 27, 2001
    Location:
    Los Angeles
    #2
    another proof of concept. This isn't cool. Eventually someone will release one of these things in a less than sanitary manner.
     
  3. Guest

    iGary

    Joined:
    May 26, 2004
    Location:
    Randy's House
  4. macrumors member

    Joined:
    May 19, 2003
    #4

    at least they released it after it had been fixed by apple.
     
  5. macrumors P6

    Peace

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #5
    More bad publicity for Apple..Shows me that Apple is becoming a threat to the PeeCee world and because of this is coming under increasing PR attacks.
     
  6. macrumors regular

    michaeldmartin

    Joined:
    Jun 29, 2006
    Location:
    Testicles. That is all.
    #6
    They have released a virus in a less-than-sanitary manner: Skype. (Leaked Beta) It was an accident, from a bug.. If you want to think of it as a virus, that is.
     
  7. macrumors 6502a

    Joined:
    May 13, 2005
    Location:
    UK
    #7
    Yet another example of why you should always download updates as soon as they are released - they often fix issues, and often highlight previous flaws which some people then take advantage of.
     
  8. Guest

    caveman_uk

    Joined:
    Feb 17, 2003
    Location:
    Hitchin, Herts, UK
    #8
    So it's not just willy waving then? Oh good. :rolleyes:

    Seriously, Apple has one day to get people patched and this 'security researcher' releases exploit code on the web. Well thank you. At least it's only a local exploit.
     
  9. macrumors member

    Joined:
    Dec 27, 2004
    Location:
    Belfast, Northern Ireland
    #9
    exactally what i was thinking bro! i like living in my wee bubble...
     
  10. macrumors 68000

    RichP

    Joined:
    Jun 30, 2003
    Location:
    Motor City
    #10
    [​IMG]


    As stated indirectly by mlr, still better than Windows. Unfortuneatly, Apple's high profile is going to make it more of a target, even if the marketshare is as low as it is.
     
  11. macrumors 604

    zap2

    Joined:
    Mar 8, 2005
    Location:
    Washington D.C
  12. macrumors 68020

    Joined:
    Aug 9, 2000
    Location:
    54140
    #12
    Gosh... a single proof of concept of a local exploit... :rolleyes:

    This really isn't that big of a deal. Moral of the story: run Software Update regularly. Apple has done really well in patching their own holes, and responding to these types of "exploits".

    That being said, nobody (even Apple) claimed that Macs are somehow immune to security exploits, attacks, and viruses. Nobody should be surprised that these types of things exist, and will someday have a greater impact on your workflow.
     
  13. macrumors 604

    MacsRgr8

    Joined:
    Sep 8, 2002
    Location:
    The Netherlands
    #13
    Yep.. the're too late IMHO. ;)
     
  14. Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Kepler-452b
    #14
    Mac OS X 10.4.7 may fix it for Mac OS X 10.4, but Mac OS X 10.3 and earlier may have the same vulnerability. I generally feel safer with the latest O.S. release, even though new flaws will invariably be discovered, because at least the widely known flaws are fixed.
     
  15. Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #15
    10.3 is not affected by the launchd vulnerability.
     
  16. macrumors newbie

    Joined:
    Jun 29, 2006
    #16
    Who really cares? No software is "un-breakable" and nobody ever said that Apple software was. It is still, better, more user-friendly, and more secure than Windows.
     
  17. macrumors 6502a

    Jetson

    Joined:
    Oct 5, 2003
    #17
    I liked that worm crawling out of the apple graphic :D
     
  18. macrumors 6502a

    Texas04

    Joined:
    Jul 2, 2005
    Location:
    Texas
    #18
    I have to agree with the Water analogy posted above...

    My mac alows me to be safer, not immune, and work better than I could ever do with Windows... And Apple does a good job of securing its software, and making sure that everything runs fine "out of the box".

    "I'd rather drink water from my local restaraunt, than one in Mexico"


    P.S. I'm Mexican to.... :rolleyes: And i still love my heritiage and home country!!! :D
     
  19. Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #19
    It's actually a really old graphic we have on the system. We've shunned some of the older ones for the more classic "news" and "rumor" graphics (aka the newspaper and question mark), but I thought I'd bring out the worm for this one :p
     
  20. macrumors regular

    Cubert

    Joined:
    Apr 30, 2005
    #20
    Obviously, Apple is on top of things. Their latest releases patch the issue.
     
  21. macrumors 6502a

    iJaz

    Joined:
    Dec 16, 2004
  22. macrumors 6502

    Joined:
    Jun 23, 2003
    #22
    We really need a Slashdot-like moderating system.... -1 Troll!
     
  23. Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #23
    Damnit, who keeps saying that it is? Well, cut it out!! :rolleyes:
     
  24. macrumors 68040

    XNine

    Joined:
    Apr 7, 2005
    Location:
    Why are you wearing that stupid man suit?
    #24
    *yawn*

    So, really, who gives a damn? I don't want proof-of-concept. I want proof that it works in the wild. Come on now. Someone do something here. Quit making all of these claims. It's like foreplay without the ending. Ya know? WTF?
     
  25. Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #25
    Wait. According to the "security through obscurity" people, nobody is writing exploits for Mac OS X because of its low marketshare. How can this be? ;)
     

Share This Page