Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

New Mac OS X Security Vulnerability Found

MacRumors

macrumors bot
Original poster
Apr 12, 2001
51,459
13,093
https://www.macrumors.com/images/macrumorsthreadlogodarkd.png

Security company Secunia reports that a new vulnerability in the way Mac OS X handles the "fpathconf()" system call has been discovered.

The vulnerability exists due to an error in the "fpathconf()" syscall when it is called with an unsupported file type and can be exploited to cause a system panic.

The vulnerability was initially found in FreeBSD and was discovered in the latest version of 10.4.8 (with all patches applied) by Ilja Van Sprundel. The severity of the vulnerability is rated as "not critical," although a patch from Apple is not yet available. It is not currently known whether other systems (10.3.x, etc) are effected.

Recently, another Mac OS X concept virus was developed, code named OSX.Macarena. Similarly deemed "not critical", the virus is not known to be in the wild on more than 50 computers worldwide or at more than 2 sites (according to Symantec).
 

scottlinux

macrumors 6502a
Sep 21, 2005
691
1
Nothing but FUD. You have to have a local account on the machine.

"Description:
Ilja Van Sprundel has discovered a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service)."

http://projects.info-pull.com/mokb/MOKB-09-11-2006.html

"Failure to handle unknown file types by the Mac OS X kernel (XNU) fpathconf() syscall causes a kernel panic, leading to an exploitable local denial of service by non-privileged users."
 
Comment

gekko513

macrumors 603
Oct 16, 2003
6,301
1
It's not FUD in itself. It's a "not critical" vulnerability of which lots are found every year for all OSes. Secunia reports them all. If it's reported as anything other than "not critical" it becomes FUD. As a single news item, it's not even worth a page 2 article. Together with the other non-news item OSX.Macarena... perhaps, but only just.
 
Comment

dr_lha

macrumors 68000
Oct 8, 2003
1,599
33
Yeah, can we not label real security issues as "FUD" please? Just because its only going to be a threat if you have evil users on your machine, doesn't mean they should report it. These guys (Secuna) are doing everyone a favor by finding these issues. Maybe a local exploit isn't important to you, but not every Mac has local trusted users, think College Mac labs for example.
 
Comment

bousozoku

Moderator emeritus
Jun 25, 2002
14,324
408
Lard
Nothing but FUD. You have to have a local account on the machine.

"Description:
Ilja Van Sprundel has discovered a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service)."

http://projects.info-pull.com/mokb/MOKB-09-11-2006.html

"Failure to handle unknown file types by the Mac OS X kernel (XNU) fpathconf() syscall causes a kernel panic, leading to an exploitable local denial of service by non-privileged users."

It's still important that it's fixed. It may not happen that everyone is in the position to have the problem, but someone might. Security problems need to be handled correctly and quickly.
 
Comment

benthewraith

macrumors 68040
May 27, 2006
3,122
131
Miami, FL
Macrumors said:
Security company Secunia reports that a new vulnerability in the way Mac OS X handles the "fpathconf()" system call has been discovered.

Secunia? The ones that everyday publish crap about security vulnerabilities on the world wide web that can be read by thousands of black-hatters?
 
Comment

shadowfax

macrumors 603
Sep 6, 2002
5,849
0
Houston, TX
this would be cool and interesting. if it could spread, before it ran itself, and by "running itself," i mean copying that code into startupItems, so you KP every time you turn on. that'd at least be a pain in the neck to fix, if still non-destructive.
 
Comment

scottlinux

macrumors 6502a
Sep 21, 2005
691
1
If you have local access to a machine, you can basically do anything.

There are worse things you can do with sudo in both Linux and OS X, than what this above 'vulnerability' describes. Hacking the sudo config file is easy enough, also.

That's almost like saying; "Here's a Linux and OS X vulnerability":

(note: don't actually do this, unless you want to erase your hard drive)

$ sudo rm -rf /

Wow! News headline. We have a *VIRUS!*
Macrumors: post me to a page 2 headline!!


Recently, another Mac OS X concept virus was developed, code named OSX.Macarena.

The person who posted this in the first place has no idea what they are talking about. 'ANOTHER' virus? The FIRST link in question (secunia) is not a virus. It is about as far from being a virus as you can get. Why put a statement about a "virus" in with a local account bug?

I don't know how else you can spread FUD other than having a statement like the above statement.
 
Comment

iMikeT

macrumors 68020
Jul 8, 2006
2,304
1
California
Why does everyone make such a hubbub over one, that's right one possible vunerability or a concept virus that is rated to be "extremely low-critical" that's discovered in Mac OS X? I mean, no one makes a big deal when thousands of new bugs are found on Windoze everyday. But every time anything is found on Mac, the computer world goes nuts! I have that feeling that the moment that one real threat is exploited in Mac OS X (which I hope will never happen), all the Windoze fanboys will throw the largest celebration in the history of the computer world.:rolleyes:
 
Comment

bousozoku

Moderator emeritus
Jun 25, 2002
14,324
408
Lard
Why does everyone make such a bubbub over one, that's right one possible vunerability or a concept virus that is rated to be "extremely low-critical" that's discovered in Mac OS X? I mean, no one makes a big deal when thousands of new bugs are found on Windoze everyday. But every time anything is found on Mac, the computer world goes nuts! I have that feeling that the moment that one real threat is exploited in Mac OS X (which I hope will never happen), all the Windoze fanboys will throw the largest celebration in the history of the computer world.:rolleyes:

I believe it's because of all the ever-so-smug Mac users who are high on RDF but I could be mistaken. ;)
 
Comment

Analog Kid

macrumors 603
Mar 4, 2003
5,680
4,223
Each vulnerability is a link in a chain. You might be able to dismiss each issue individually, but when someone figures out how to chain a few of these together it becomes a problem.

Why does everyone make such a bubbub over one, that's right one possible vunerability or a concept virus that is rated to be "extremely low-critical" that's discovered in Mac OS X? I mean, no one makes a big deal when thousands of new bugs are found on Windoze everyday. But every time anything is found on Mac, the computer world goes nuts! I have that feeling that the moment that one real threat is exploited in Mac OS X (which I hope will never happen), all the Windoze fanboys will throw the largest celebration in the history of the computer world.:rolleyes:

Might it have something to do with the fact that you get your news from Mac oriented sites? Your interests filter the information you see. You won't see a lot of Windows vulnerabilities posted here-- not even on page 2...
 
Comment

yoavcs

macrumors regular
Apr 7, 2004
215
33
Israel
If you have local access to a machine, you can basically do anything.

There are worse things you can do with sudo in both Linux and OS X, than what this above 'vulnerability' describes. Hacking the sudo config file is easy enough, also.

That's almost like saying; "Here's a Linux and OS X vulnerability":

(note: don't actually do this, unless you want to erase your hard drive)

$ sudo rm -rf /

All well and good except for the fact that for sudo you need an admin password. For this security bug, you just need to write a program that makes a bad system call. No password needed.
 
Comment

dr_lha

macrumors 68000
Oct 8, 2003
1,599
33
scottlinux: You need to brush up on your English comprehension skills. Although I'll agree that the report about the virus seems out of place, when they say "another virus" they don't mean that this Secunia reported vunerability is the previous one.
 
Comment

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
12
Grand Rapids, MI, USA
Is reporting on any security vulnerability FUD to you? due to the non-critical nature of this story, we put it on page2. But it is still a vulnerability, so we reported it. Remember also that the vulnerability is still unpatched as well.

I agree... it's FUD when you take this vulnerability and claim it is a super-high criticality vulnerability and shows clear evidence that "Mac OS X is not any safer than Windows" or something nonsensical like that. This sounds like a very reasonable report identifying a low-threat vulnerability that Apple should close. That's all. Meaning Secunia acted in a very responsible manner in this case. And you know I hate anti-virus companies, so I wouldn't say it if I didn't believe it. :D
 
Comment

gnasher729

macrumors P6
Nov 25, 2005
17,624
4,928
All well and good except for the fact that for sudo you need an admin password. For this security bug, you just need to write a program that makes a bad system call. No password needed.

Replace "sudo rm -rf /" with "rm -rf ~/".

I don't actually care if you can mess up my system; just takes me about two hours of real time and three minutes of actual work to restore everything. Deleting my user files (if a user has no backups), that would be painful. And anyone with local access can do that.

And then of course what can a malicious person with access to my machine do if they have no admin password, but a large hammer (or a small screwdriver, which might actually be more effective)?
 
Comment

Cubert

macrumors regular
Apr 30, 2005
150
0
First, Macarena was not really a virus. It was not self-propagating - it was simply a way to exploit standard UNIX file permissions. It had NO POTENTIAL TO DO HARM!

This new exploit is certainly real, but what can someone do with it? Can a hacker exploit it to gain access to your computer? NO.

End of story.
 
Comment

Shadow

macrumors 68000
Feb 17, 2006
1,577
0
Hmmm...it may be a security exploit but I'm sure Apple is working on a fix, and anyway, has it been seen in the wild yet?
 
Comment

SMM

macrumors 65816
Sep 22, 2006
1,334
0
Tiger Mountain - WA State
Other than flashing our brilliance, is there any reason to give these hacker creaps ideas they have not thought of? Also, I too think the information is important, but I question the timing. Why not wait until it is patched? Or, is immediate gratification to strong a lure. Finally, I also agree this will be more exploited by the media/disinformation magnet. I would be willing to bet a paycheck someone will headline this as "Another MacIntosh virus found - this one with no known cure" (or a reasonable facimilie)
 
Comment

Maccus Aurelius

macrumors 6502a
Sep 19, 2006
542
0
Brooklyn, NY
Other than flashing our brilliance, is there any reason to give these hacker creaps ideas they have not thought of? Also, I too think the information is important, but I question the timing. Why not wait until it is patched? Or, is immediate gratification to strong a lure. Finally, I also agree this will be more exploited by the media/disinformation magnet. I would be willing to bet a paycheck someone will headline this as "Another MacIntosh virus found - this one with no known cure" (or a reasonable facimilie)

Well it's nice to be forewarned. But anyway, simply saying a mac virus was found without actually having a single infected mac to show for it would make the claim quite dubious. but i agree with some that pointing out any security issue, no matter how small, is important. But this report of even non-critical exploits is very reassuring to me, because if you went up to someone with Windows and said "I have a virus on my PC" they'd either say "Again?" or "Me too!"
 
Comment

Jig

macrumors newbie
Feb 26, 2006
17
0
Replace "sudo rm -rf /" with "rm -rf ~/".

I don't actually care if you can mess up my system; just takes me about two hours of real time and three minutes of actual work to restore everything. Deleting my user files (if a user has no backups), that would be painful. And anyone with local access can do that.

And then of course what can a malicious person with access to my machine do if they have no admin password, but a large hammer (or a small screwdriver, which might actually be more effective)?

This assumes they have access to *your* account. Obviously if they have that, they can delete your files. This issue is about if they have access to *any* account. If you have the password to userA, you cannot delete the files belonging to userB. With this issue, you can get full admin access and do whatever you like.

This is a big issue if you have multiple accounts on a system, and especially if you run a server and allow remote access - harder to use a screwdriver then.

In short, it's a serious issue, but not one that is likely to be exploited in a worm.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.