Exploit released for Mac OS X flaw

Computer code that exploits a flaw in Apple Computer's Mac OS X was released over the weekend.

The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.

"It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. "It appears to be a zero-day exploit and may have been distributed before the patch was released."

Apple representatives did not immediately return calls for comment.

Public exploits, while common for Microsoft's Windows, are a rarity for Mac OS X. "More people are looking for vulnerabilities in Mac OS X," Dai Zovi said.

The vulnerability could be exploited by a local attacker or someone with privileges to remotely log-on to a machine. Macs that are used by multiple people as well as servers with remote access capabilities are most at risk, experts said. A user with limited privileges could exploit the flaw to possibly gain full system access.

"The risk presented by this exploit is limited by the fact that it can only be exploited by a logged-in user, although the user may also be logged in remotely," Dai Zovi said. "The issue is also mitigated by the fact that a patch has already been released."

MacOS X by default checks for updates weekly, which means most Mac OS X systems will not be vulnerable much longer.

The exploit as it was publicly released does not do anything destructive; instead it runs the "/usr/bin/id" utility to show that the user enjoys full administrator privileges.

"I can then make it do anything I want," said Matthijs van Duin, creator of the exploit. "An ill-intended person with at least some skill could modify it to spawn a root shell."

Dai Zovi agreed, a knowledgeable user can easily replace or modify the exploit payload to run a full-access root shell, he said.

Advertisement

Print feature brought to you by Adobe

Talkback 0 comments

Latest Videos

Sponsored content

Power Centre - Content from our premier sponsors

Blogs

  • Chris Duckett Get extensions going in Firefox, redux
    Previously on Null Pointer we looked at getting extensions working in Firefox betas, and that was great until the fine folks at Firefox changed their minds.
  • Array How reliable is IP telephony?
    Have you ever heard a weird kind of hissing, crackling or popping noise when calling someone on an IP telephony line? How rare is the phenomenon these days?
  • Array Forget the NBN, 100Mbps is already here
    Telstra and TransACT will shortly begin offering 100Mbps broadband to many customers. By moving early, the companies have not only raised the bar for Australia's broadband services, but thrown down a challenge to a government that now faces increased pressure to deliver the NBN as promised.
  • More blogs »

Tags

  1. 490 articles are tagged with 3g
  2. 41 articles are tagged with afact
  3. 83 articles are tagged with asic
  4. 141 articles are tagged with ato
  5. 1306 articles are tagged with broadband
  6. 69 articles are tagged with cba
  7. 14 articles are tagged with cenitex
  8. 670 articles are tagged with cio
  9. 254 articles are tagged with conroy
  10. 132 articles are tagged with contract
  11. 47 articles are tagged with david thodey
  12. 156 articles are tagged with exchange
  13. 152 articles are tagged with firewall
  14. 129 articles are tagged with fujitsu
  15. 53 articles are tagged with gnome
  16. 1034 articles are tagged with government
  17. 22 articles are tagged with hfc
  18. 790 articles are tagged with hp
  19. 1304 articles are tagged with ibm
  20. 222 articles are tagged with iinet
  21. 289 articles are tagged with isp
  22. 7 articles are tagged with jodee rich
  23. 35 articles are tagged with michael malone
  24. 1482 articles are tagged with microsoft
  25. 35 articles are tagged with mike quigley
  26. 52 articles are tagged with minchin
  27. 1127 articles are tagged with mobile
  28. 218 articles are tagged with national broadband network
  29. 397 articles are tagged with nbn
  30. 201 articles are tagged with new zealand
  31. 195 articles are tagged with nsw
  32. 61 articles are tagged with one.tel
  33. 929 articles are tagged with open source
  34. 885 articles are tagged with optus
  35. 20 articles are tagged with pipe networks
  36. 171 articles are tagged with queensland
  37. 2651 articles are tagged with security
  38. 53 articles are tagged with senate
  39. 70 articles are tagged with separation
  40. 9 articles are tagged with sp telemedia
  41. 655 articles are tagged with sun
  42. 177 articles are tagged with sydney
  43. 232 articles are tagged with telco
  44. 61 articles are tagged with telecom nz
  45. 2444 articles are tagged with telstra
  46. 138 articles are tagged with tender
  47. 25 articles are tagged with thodey
  48. 31 articles are tagged with tpg
  49. 176 articles are tagged with victoria
  50. 79 articles are tagged with wholesale

Back to top

Featured