Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: travelin cat
Computer code that exploits a flaw in Apple Computer's Mac OS X was released publicly over the weekend.
The code takes advantage of a weakness in core parts of Mac OS X and could let a person with limited privileges gain full access to a system. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.
"It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher at Matasano Security, who was credited by Apple with discovering the flaw. "It appears to be a zero-day exploit." He added that it may even "have been distributed before the patch was released."
Exploit released for Mac OS X flaw [news.com.com]
"The risk presented by this exploit is limited by the fact that it can only be exploited by a logged-in user, although the user may also be logged in remotely," Dai Zovi said. "The issue is also mitigated by the fact that a patch has already been released."
This exploit is of the "privilege escalation" variety. An attacker needs to already have an account on the target machine and be malevolent toward either the machine or the other users. So, the only real risk I see is for shared hosting environments who don't do the regular software updates.
Although the tech press will surely jump on this like they jump on all reports of "already fixed" Mac OS issues...