The Mac Observer

Skip navigational links

Choose text size: Select small text. Select medium text. Select large text.

DealsOnTheWeb Daily Deal: Buy.com's After-Christmas Super Store - Check out the Revolving Savings

Mac OS X Security Risk Published

by , 9:10 AM EDT, June 30th, 2006

Proof of concept information about a potential security flaw in Mac OS X has been released, elevating the need for Tiger users to install the Mac OS X 10.4.7 update. According to ZDNet, the flaw, which takes advantage of a vulnerability in the launchd system component, was one of the fixes included with Apple's latest system update that was released earlier this week.

An Apple spokesperson commented "This proof of concept was fixed in Tuesday's Mac OS X 10.4.7 update."

The launchd proof of concept was created by Kevin Finisterre, a security researcher at Digital Munition, and requires local access to a Mac instead of Internet access. The security flaw could allow someone to execute code on your Mac with higher privileges that the logged in account allows.

So far, there are no known reports of anyone using the launchd proof of concept information to develop an exploit for Mac OS X.

Observer Comments

Show: Subjects Only | Full Comments
Close Name:Dean Lewis Posts: 162 Joined: 29 Sep 2001
Fri Jun 30, 2006 9:47 am Subject:

One day these people might actually produce a virus or trojan or even a proof of a concept of one for something Apple hasn't already patched.

Until then, still no virus trouble for our Mac OS X. They just HATE that.


 Reply | Quote
Close Name:geoduck Posts: 1922 Joined: 30 Dec 2003
Fri Jun 30, 2006 10:49 am Subject:

Proof of concept information was published that utilizes a vulnerability that was patched a couple of days before. They're getting closer to something significant, but not there yet.


 Reply | Quote
Close Name:hangtown Posts: 112 Joined: 03 Dec 2005
Fri Jun 30, 2006 11:28 am Subject:

AND requires local access to the machine.

Still not overly significant, even if it were more than a concept.


 Reply | Quote
Close Name:Ibn Rushd Posts: 51 Joined: 16 May 2006
Fri Jun 30, 2006 12:20 pm Subject: Schools

Quote
hangtown wrote:
AND requires local access to the machine.

Still not overly significant, even if it were more than a concept.


I could see it being a problem in a school situation with their student accessible networks. I am glad that Apple got the fix out before the published vulnerability.


 Reply | Quote
Close Name:murlyn Posts: 10 Joined: 30 Nov 2004
Fri Jun 30, 2006 5:52 pm Subject: Reminder

Just a reminder to everyone that most vulnerabilities are not published until a fix has been released. It's in consideration for the company that has the vulnerability. They go through a process of first notifying the company of the vulnerability. The company then fixes said vulnerability and then the company/person that found the vulnerability usually has first rights to publish the vulnerability at that time which is a thank you nod from the vulnerable company for notifying them first and not all the hackers out there.

Problems, big problems arise when company/people notify the public first about the vulnerability, or only wait a little time after notifying the vulnerable company to notify the public. This puts a lot more people at risk then if they would have kept quiet until the company fixed the problem and released a patch.

Ok that was confusing, but hopefully it's clear enough to make the point.


Reply | Quote
Close Name:horvatic Posts: 102 Joined: 27 Jun 2003
Sat Jul 01, 2006 12:32 am Subject:

Looks like Apple almost beat this story before it even got out as Apple has already patched this concept with 10.4.7 update. I guess Symantec won't be selling much OSX antivirus software this week.


 Reply | Quote
Comment on this Article


Guest Posts Visible. Hide Them.
Back to top  Page 1 of 1    

You cannot edit your comments.   You cannot delete your comments.
Log in | Register | Having Problems? Reset TMO Cookies & Try Again
Username:   Password:   Log me on automatically each visit   

You are not logged in, and this post will appear as "Guest." Log in with your username and password from the TMO forums. If you do not have a username, you can register here.
Please note that guests are limited to including a maximum of two URLs per post.

Post A Comment
  Subject


  Your Comments



Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.

Recent Headlines - Updated January 9th

Thu, 5:56 PM
Macworld Expo 2009 - Orbicule Announces Undercover 3 with Location Technology
5:49 PM
News - TOM BIHN, Waterfield Designs Release 17” Unibody MacBook Pro Notebook Cases
3:50 PM
Macworld Expo 2009 - Targus Shows File Share Cable for Mac
3:40 PM
Macworld Expo 2009 - Blackmagic Demonstrates Video Recorder
3:14 PM
News - Microvision Demonstrates SHOW WX Laser Projector
2:53 PM
Just a Thought - First Time: A Closer look at Macworld and San Francisco
12:35 PM
News - Mac Gamers Can Now Fight For Good or Evil in City of Heroes
12:12 PM
News - EVE Online to Expand the Known Universe in March
11:53 AM
News - Feral to Ship Rome: Total War Gold in March
11:19 AM
News - Freeverse Says Commander: Napoleon at War is on the March
10:34 AM
News - Whither Macworld Expo?
9:47 AM
News - Paragon Issues 30 ‘Talking’ Dictionaries

The Mac Observer Reader Specials