Warning; your Mac could get Raped!

Discussion in 'macOS' started by Scarlet Fever, Jul 18, 2007.

  1. Scarlet Fever macrumors 68040

    Scarlet Fever

    Jul 22, 2005
    from here

    it's awesome how a POC gets media attention, while 114,000 viruses last year for PCs gets nothing :rolleyes:
  2. Nermal Moderator


    Staff Member

    Dec 7, 2002
    New Zealand
  3. Scarlet Fever thread starter macrumors 68040

    Scarlet Fever

    Jul 22, 2005
    Yeah, i noticed that as well. The preef rooder must have taken a day off :p (spelling mistakes intentional)
  4. Gymnut macrumors 68000


    Apr 18, 2003
    That or he works out of a swamp-like environment.
  5. Queso Suspended

    Mar 4, 2006
    Interestingly enough the Security Focus page doesn't list 10.4.10 as being vulnerable. Could this already have been patched?
  6. DoFoT9 macrumors P6


    Jun 11, 2007
    yes apple is relly quite good at patches for software holes.. i think 10.4.10 might have already fixed it :) GO APPLE!!!!!!!
  7. synth3tik macrumors 68040


    Oct 11, 2006
    Minneapolis, MN
    back into the bog.

    It is interesting though that a POC for mac is a huge crisis, but all the Windows based viruses go with out notice. Maybe PC viruses are like Paris Hilton, no one cares anymore, to much over-exposer.
  8. Killyp macrumors 68040


    Jun 14, 2006

    It's actually an example of how insecure PC users can be about the whole virus issue, to the extent that they feel the need to write a worm/virus for other platforms because they're annoyed with how smug the users of other platforms are.
  9. dmw007 macrumors G4


    May 26, 2005
    Working for MI-6
    Hopefully Apple has already made a patch for this...
  10. Scarlet Fever thread starter macrumors 68040

    Scarlet Fever

    Jul 22, 2005
    From here:
    looks like it either hasn't been tested in 10.4.10, or it's been patched
  11. epochblue macrumors 68000


    Aug 12, 2005
    Nashville, TN
    My understanding is that the "researcher" hasn't proved the viability of the attack outside of his/her lab yet. Until he/she does, I'm inclined to think he/she's just blowing smoke.

    I'm all for an OS X worm, who knows, maybe it'll quiet all the "OS X IS INVINCIBLE!" types and all the haters can stop thinking that every Mac user is a smug SOB.
  12. Nightkrawler macrumors regular

    Sep 4, 2006
    Vienna, Austria
    I dont know if 10.4.10 is still vulnerable, but it is possible to disable mdns (Bonjour) with the opensource app "lingon".


    Go to the tab "System Daemons" and disable "com.apple.mDNSResponder".
    Im not 100% sure if this fixes the hole, but the text says "Using a currently undisclosed vulnerability in mDNSResponder..." so this might be right.
    Bonjour related stuff (Printers, ichat, the adium bonjour plugin...) wont work when mdnsResponder is deactivated.
    Be careful, if you mess with other system daemons you might wreck your system, i cannot guarantee that it closes the hole since i have no samples of the worm.

    Maybe someone who has more Information about Bonjour could confirm this :eek:
  13. xUKHCx Administrator emeritus


    Jan 15, 2006
    The Kop
    Well it has already been patched and it doesn't affect 10.3 downwards then this really is a non issue. However there might be useful information contained within it that apple could use to further lock down the system.
  14. Shadow macrumors 68000


    Feb 17, 2006
    Keele, United Kingdom
    Interestingly, 10.3 and below and 10.4.10 are not listed in the "Not Vulerable" section.
  15. nbs2 macrumors 68030


    Mar 31, 2004
    A geographical oddity
    Or more likely - most PC users are already using various virus protection programs while OS X users go around nekkid. 1000 new viruses pop-up for the PC and most machines will be pretty safe. 1 new virus pops-up for OS X and how many of us will go down in flames - I know that I will.

    What a POC does is remind people that there is a place for those protections on every system and the end-user needs to weigh the costs and benefits of running those apps.
  16. Rodimus Prime macrumors G4

    Rodimus Prime

    Oct 9, 2006
    of those 114,000 viruses how many where trogins (OSX is fairly easy to hit with a trojin since it uses user stupidity to get into the computer), how many where just variation of an older virus that been around for years.

    And I would like to point out that when MSBlaster hit the web it used a security hole that was patch months before hand. If you haven't noticed Microsoft no longer release what holes it has patch because people where taking that information and figuring out how to exploit the hole that would be in an unpatched system.
  17. Rodimus Prime macrumors G4

    Rodimus Prime

    Oct 9, 2006
    here is my question. why would you want them to test it outside of the lab. The lab is self contained and will not let the worm get out in the open world. Once it gets out in the open it will spread very quickly and be impossible to contain.
  18. AutumnSkyline macrumors regular


    Oct 5, 2006
    it says 10.4.10 is vulnerable...

    Vulnerable: Apple Mac OS X Server 10.4.10
    Apple Mac OS X Server 10.4.9
    Apple Mac OS X Server 10.4.8
    Apple Mac OS X Server 10.4.7
    Apple Mac OS X Server 10.4.6
    Apple Mac OS X Server 10.4.5
    Apple Mac OS X Server 10.4.4
    Apple Mac OS X Server 10.4.3
    Apple Mac OS X Server 10.4.2
    Apple Mac OS X Server 10.4.1
    Apple Mac OS X Server 10.4
    Apple Mac OS X 10.4.10
    Apple Mac OS X 10.4.9
    Apple Mac OS X 10.4.8
    Apple Mac OS X 10.4.7
    Apple Mac OS X 10.4.6
    Apple Mac OS X 10.4.5
    Apple Mac OS X 10.4.4
    Apple Mac OS X 10.4.3
    Apple Mac OS X 10.4.2
    Apple Mac OS X 10.4.1
    Apple Mac OS X 10.4

  19. iToaster macrumors 68000


    May 3, 2007
    In front of my MacBook Pro
    Wow, it's about time, but it's all for good cause, he's giving it to Apple so they can fix the system. As for that one Apple fan boy... he's way too extreme... and foolish... and uninformed.
  20. calculus Guest


    Dec 12, 2005
    Well, that's where I get all my best ideas...
  21. damienvfx macrumors regular


    Jul 28, 2006
    Los Angeles, CA
  22. Stampyhead macrumors 68020


    Sep 3, 2004
    London, UK
    Running currently existing virus protection programs on your Mac would be useless against this worm since it didn't exist when they were created.
  23. zero2dash macrumors 6502a


    Jul 6, 2006
    Fenton, MO
    Being insecure has nothing to do with it.
    Being sick of smug Mac users, absolutely. :p :D
  24. nbs2 macrumors 68030


    Mar 31, 2004
    A geographical oddity
    You're right - but the point is that under the current distribution system, if there was a worm, we would need Apple to release a specific patch for it and wait for people to get it from software update - not the best method for fire control. I have software update set to run weekly, so I wouldn't get it anyway for quite a while. Virus protection systems should catch unknowns more easily as a result of dedicated distribution systems and their inherent design is to look for things that look suspicious.

    Am I saying that the worm would be stopped right away? No. Just that it might get caught, quarantined, and squashed a bit more quickly. Should people be running software from those companies? I say that the FUD they produce and performance hit outweighs the inherent security of OS X - so no. But, this POC is a reminder that we aren't invulnerable and we should at least remember that virus protection is out there.
  25. Scarlet Fever thread starter macrumors 68040

    Scarlet Fever

    Jul 22, 2005
    i do sincerely apologise. Next time I make a thread warning people of the inevitable security holes Mac OS X has, I'll also put a picture of some nice fluffy kittens or a link to a flash game, so you can continue to live in ignorance.

    seriously mate, if you don't have anything remotely constructive to say, don't bother saying it. For a start, you could tell me why this is the most. boring. thread. ever.

Share This Page