Exploit released for Mac OS X flaw

Discussion in 'MacBytes.com News Discussion' started by hagjohn, Oct 2, 2006.

  1. hagjohn macrumors 6502


    Aug 27, 2006
    Exploit released for Mac OS X flaw
    By Joris Evers
    Staff Writer, CNET News.com
    Published: October 2, 2006, 6:25 PM PDT

    Computer code that exploits a flaw in Apple Computer's Mac OS X was released over the weekend.

    The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.

    "It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. "It appears to be a zero-day exploit and may have been distributed before the patch was released."

    Apple representatives did not immediately return calls for comment.

    Public exploits, while common for Microsoft's Windows, are a rarity for Mac OS X. "More people are looking for vulnerabilities in Mac OS X," Dai Zovi said.

    read rest of article at the link below...

    Source: news.com
  2. iMeowbot macrumors G3


    Aug 30, 2003
    That sure was nice of them to hang on to the program until after the patch was released.

    This particular bug required the attacker to already have a non-privileged account on the machine. This isn't something that any old random attacker could exploit. Places like school labs would have been vulnerable, but not your average home machine.
  3. beatsme macrumors 65816


    Oct 6, 2005
    It's only a matter of time, really. Someone industrious enough will figure out a way to corrupt OSX by exploiting an existing vulnerability. I'm inclined to think that the only reason it hasn't happened yet is because of the complexity of UNIX, which must seem pretty daunting to your average hacker kid.
  4. bousozoku Moderator emeritus

    Jun 25, 2002
    Gone but not forgotten.
    It's good that they got it fixed. Now, they need to get to the other one in the kernel.

    I wonder if anyone will use the exploit on machines loaded with Jaguar.
  5. tvguru macrumors 6502

    Apr 29, 2005
    Kenora, ON Canada
    As long as exploits are released after the patch I have no problems with them. :) It'll be a sad day when one gets released before there is a patch, but oh well, the world will continue to turn. :p
  6. MacBytes macrumors bot

    Jul 5, 2003
  7. scottlinux macrumors 6502a


    Sep 21, 2005
    Not a threat.

  8. SC68Cal macrumors 68000

    Feb 23, 2006
    But this was already patched, was it not? I think the CNET article noted that.

    To the above poster: it is a threat. Any sort of priv. escalation is a threat because you can probably get a rogue process that is spawned by a logged-in user (like Oompa Loompa) to start an escalated priv. shell in the background.
  9. mduser63 macrumors 68040


    Nov 9, 2004
    Salt Lake City, UT
    It has already been patched, and it's only usable by a user that already has access to the machine.

    Nothing to see here...
  10. nagromme macrumors G5


    May 2, 2002
    SOMETHING to see here, but not much :)

    Too many cries of Wold. Like the infamous iChat exploit that most "journalists" conveniently failed to mention could only spread over LAN, not over Internet.
  11. hagjohn thread starter macrumors 6502


    Aug 27, 2006
    quote from the article... "Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then."
  12. SPUY767 macrumors 68000


    Jun 22, 2003
    Ahhh, one of my favorite tales, The Boy Who Cried Wold.
  13. Lollypop macrumors 6502a


    Sep 13, 2004
    Johannesburg, South Africa
    Just out of interest's sake, ssh is disabled by default in a Mac, right?

    My worry is that a lot of Mac users don't really update their Mac software the day Software Update informs them of it :eek: but ye... nothing much to see here :D
  14. SiliconAddict macrumors 603


    Jun 19, 2003
    Chicago, IL
    The problem is that SU only runs once a week. Or I think that is the default. Could be wrong though. And as mentioned this exploit appears to have appeared PRIOR to the patch being released.
    Exploits like this don't concern me. Wake me when OS X is susceptible to a worm.
  15. nodabs macrumors regular

    Sep 11, 2006
    Dell probably hired people to attempt to hack OS X in order to stop the Apple marketing campaign... haha :D
  16. whooleytoo macrumors 603


    Aug 2, 2002
    Cork, Ireland.
    Is that really an "exploit"? Given that it's benign, I'd have called it just a "proof of concept". (maybe I'm just arguing semantics..)
  17. nagromme macrumors G5


    May 2, 2002
    Sorry. Typo. I meant Mold.
  18. Earendil macrumors 68000


    Oct 27, 2003
    This is personally my favorite part:


    So, let's take all the Macs out there.
    Now take out all the Macs that have only a single account on them.
    Now take out all the Macs whose alternate user knows nothing about unix.

    How many are we left yet? Now make sure that those who know Unix can actually "easily" make this work, and also eliminate all the unix gurus who are decent human beings.
    (btw, we are hedging bets here that there is a main user without the knowledge to update their system, who has a 2nd user who: has less privileges, knows unix, and is evil)

    Exactly how many people are we left with?

    So someone could get screwed because their son/daughter is a genius, it's okay, he'll grow up to be a bright CS major (or a hacker).

    Until it can either
    A: spread over the internet automatically, or
    B: any idiot can figure out the hack
    I'm not going to be all that worried.

  19. Earendil macrumors 68000


    Oct 27, 2003

    I think I'm going to go down to main street and yell "a thousand dollars to the first one to tell me what a root shell is!!" and just see if I lose any money...
  20. Eraserhead macrumors G4


    Nov 3, 2005
    I think it is, it should go daily IMO.
  21. ZLMarshall macrumors newbie

    May 15, 2006
    Not the concern. The more accounts a computer has, the more chances someone will "lose" their password or have it stolen. So that dummy 2nd user isn't individually a concern, it's the world of hurt they open your poor mac up to when they use the same password on 45 different accounts (mail, chat, amazon, YOUR COMPUTER) and then start telling friends.

    Or almost as bad, people (I know some) who have NO password on their Mac for some users, or the password 'pass.'

    Never worry about the people you *know* have access to your computer. Worry about the people you didn't know had access, but know how to
    rm -rf *
  22. bousozoku Moderator emeritus

    Jun 25, 2002
    Gone but not forgotten.
    Authored does not mean distributed.
  23. sahnert macrumors 6502

    Oct 20, 2003
    IMHO this is a good summation of how worried most people should be.
  24. shadowfax macrumors 603


    Sep 6, 2002
    Houston, TX
    I think that this can be a significant concern to people who would never be concerned--specifically, people who are so unconcerned as to put weak (as in, admin, 123, pass, etc...) passwords on their user accounts...

    The only place an exploit like this could be a major threat is in an environment where the root account gives access to other accounts that maybe have information on them or access to compromise other computers on the network (like a workplace network). This is definitely insignificant, being that the hack is only as good as the computer whose user (unprivileged or no) you have the password for.

    Properly, that makes it an exploit--it's just too bad that a lot of the people that read an article like that won't realize that you can't write self-propagating viruses/worms with most exploits--certainly not this one--and so there is no concern unless you are being specifically targeted by an organization/person with some computer know-how....
  25. FoxyKaye macrumors 68000


    Jan 23, 2004
    San Francisco, Terre d'Ange, Bas Lag, Gallifrey
    Does anyone have any idea how many OS X users connect to the internet via modem rather than broadband? I often wonder about this when Apple's updates start going over 10-12MB each in size - for example, try downloading the 10.4.8 update on a 56K modem. The sheer size of Apple's updates could also be a reason why a certain percentage of OS X users don't update.
