BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

Mac OS X exploit code released

Tags:
Mac OS X,
Apple,
Flaw,
Exploit Code

Joris Evers CNET News

Published: 03 Oct 2006 09:40 BST

Computer code that exploits a flaw in Apple's Mac OS X was released over the weekend.

The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.

"It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. "It appears to be a zero-day exploit and may have been distributed before the patch was released."

Apple representatives did not immediately return calls for comment.

Public exploits, while common for Microsoft's Windows, are a rarity for Mac OS X. "More people are looking for vulnerabilities in Mac OS X," Dai Zovi said.

The vulnerability could be exploited by a local attacker or someone with privileges to remotely log on to a machine. Macs that are used by multiple people as well as servers with remote access capabilities are most at risk, experts said. A user with limited privileges could exploit the flaw to possibly gain full system access.

"The risk presented by this exploit is limited by the fact that it can only be exploited by a logged-in user, although the user may also be logged in remotely," Dai Zovi said. "The issue is also mitigated by the fact that a patch has already been released."

Mac OS X by default checks for updates weekly, which means most Mac OS X systems will not be vulnerable much longer.

The exploit as it was publicly released does not do anything destructive; instead it runs the "/usr/bin/id" utility to show that the user enjoys full administrator privileges.

"I can then make it do anything I want," said Matthijs van Duin, creator of the exploit. "An ill-intended person with at least some skill could modify it to spawn a root shell."

Dai Zovi agreed, a knowledgeable user can easily replace or modify the exploit payload to run a full-access root shell, he said.

Did you find this article useful?
210 out of 345 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

Apple
Flaw

Exploit code
Mac OS X

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner