Wednesday, April 15, 2009

Root Exploit for Mac OS X

Via Heise Security -

Several exploits for Apple's Mac OS X operating system are in circulation which have not yet been patched. In a short test carried out by the heise Security editorial team, one of the exploits allowed a Mac OS X 10.5.6 user with normal privileges to obtain root privileges. The problem is triggered when mounting malformed HFS disk images. The exploit consists of a shell script and some source code written in C. The C code generates the disk image which, when mounted, provokes the flaw that allows execution of code at root level.

The other exploits target vulnerabilities in kernel system calls (CTL_VFS, SYS___mac_getfsstat and SYS_add_profil) which allow logged-in users to crash a system. Parts of the kernel memory may also be vulnerable to spying. Another exploit for a hole in AppleTalk reportedly allows attackers to remotely provoke a buffer overflow. However, this vulnerability doesn't seem to allow code injection.

It remains unknown whether Apple has been informed of these problems. On his digit-labs.org website, the author of the exploits writes that he already publicly demonstrated the exploits at the recent CanSecWest 2009 security conference. Until Apple has released an update to solve the problems, users are advised not to mount disk images originating from unknown sources.

---------------------------

I feel it is quite sad that normal people have to hand out OS X exploit threat mitigation information...why isn't Apple giving out the necessary information to protect its userbase against exploitation?

1 comment:

  1. 'I feel it is quite sad that normal people have to hand out OS X exploit threat mitigation information...why isn't Apple giving out the necessary information to protect its userbase against exploitation?'

    Simple: because Apple's bandwagon revolves around the claim that the Mac is unaffected by malware. And they go to great effort to avoid mention of the obscurity factor, instead using indirect yet unmistakable innuendos to suggest that it has something to do with "code quality." Of course this is contrary to statements from security researchers competing at CanSecWest, who state quite plainly that Mac OS is in fact less secure than Windows; but do you really expect them to admit it?
