Forum Moderators: travelin cat

Exploit released for Mac OS X flaw

8:52 am on Oct 4, 2006 (gmt 0)

Administrator from GB 

engine

joined:May 9, 2000
votes: 1076

Computer code that exploits a flaw in Apple Computer's Mac OS X was released publicly over the weekend.

The code takes advantage of a weakness in core parts of Mac OS X and could let a person with limited privileges gain full access to a system. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.

"It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher at Matasano Security, who was credited by Apple with discovering the flaw. "It appears to be a zero-day exploit." He added that it may even "have been distributed before the patch was released."

Exploit released for Mac OS X flaw [news.com.com]

1:32 pm on Oct 5, 2006 (gmt 0)

Senior Member from US 

whoisgregg

joined:Dec 9, 2003
votes: 0

"The risk presented by this exploit is limited by the fact that it can only be exploited by a logged-in user, although the user may also be logged in remotely," Dai Zovi said. "The issue is also mitigated by the fact that a patch has already been released."

This exploit is of the "privilege escalation" variety. An attacker needs to already have an account on the target machine and be malevolent toward either the machine or the other users. So, the only real risk I see is for shared hosting environments that don't do the regular software updates.

Although the tech press will surely jump on this like they jump on all reports of "already fixed" Mac OS issues...