June 29, 2006 11:57 AM PDT

Attack code out for Apple flaw

Attack code that exploits a flaw in Apple Computer's Mac OS X was publicly released Wednesday, increasing the urgency to patch.

The code's arrival comes just a day after Apple made an update available for its operating system. The malicious program takes advantage of a locally exploitable vulnerability in an operating system component called "launchd".

"Attackers may exploit this issue to execute arbitrary code with elevated privileges," Symantec said in a security alert to customers that was updated on Thursday.

On Tuesday, Apple delivered Mac OS X 10.4.7. The operating system update repairs a total of five flaws. Four of them affect both the client version of Mac OS X. The other, in the ClamAV antivirus software, has an impact on the server release.

Apple is recommending that people install all updates when they're issued to keep their software fully up to date, a company representative said Thursday.

"This proof of concept was fixed in Tuesday's Mac OS X 10.4.7 update," the representative said, referring to the ability for the exploit code to run.

The exploit was created by Kevin Finisterre, a security researcher at Digital Munition. Earlier this year, Finisterre created the Inqtana worm, which targets Mac OS X and spreads using an 8-month-old vulnerability in Apple's Bluetooth software. His actions are in part to demonstrate that Apple software is not unbreakable, he has said.

Apple users can download Mac OS X 10.4.7 through Software Update or the standalone installer. Typically, the Mac OS automatically checks for updates once a week.

Separately on Thursday, Apple put out iTunes 6.0.5, an update that it said fixes a security problem that could be used in a denial-of-service attack or let an intruder run code on vulnerable systems.

"The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability," the company said on its security Web site. "Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files."

The iTunes vulnerability affects Mac OS X versions 10.2.8 or later and Microsoft Windows XP and 2000, Apple said.


40 comments

What part of "proof of concept" doesn't CNet understand?
No exploit has been released. A security guy created a little something that theoretically could work as an exploit, issued a press release, and News.com is all over it.

The downward spiral continues.
Posted by M C (598 comments )
Well.. what's wrong with it
A proof of concept is sufficient for some moron to write code to exploit the OS. News.com is doing a favor to users letting them know of the issue and defend themselves against an attack.

Just because an attack has not happened doesn't mean that it is not going to happen!!!
Posted by Tanjore (322 comments )
Why does Cnet continue to deceive?
A guy in a lab creates a concept and Cnet writes a story like this?
Posted by keaggy220 (57 comments )
Exactly!
Apple disclosed the flaw WHEN THEY RELEASED THE FIX for it.
Some guy in a lab reads Apple's description of the flaw and writes a
test program in his lab that exploits the flaw. Oh, by the way, his
exploit requires you to NOT have installed the patch Apple has
already written. How is this even news?
Posted by snodman (20 comments )
Why does Cnet continue to deceive?
A guy in a lab creates a concept and Cnet writes a story like this? I
continue to laugh without virus protection. Maybe one year I'll get
a virus. hehe
Posted by keaggy220 (57 comments )
More News.com BS
How is this a story?

An unreleased virus that would target a vulnerability that will be
nearly non-existent in a week.

Lame.
Posted by mgreere (332 comments )
Where are the editors?
1) This is a non-story as the other commenters have pointed out

2) The article doesn't explicitly say that the patch addresses the vulnerability. It should.

3) What's up with this sentence? "Four of them affect both the client version of Mac OS X."

News.com has been replaced as my source of tech news because of this type of stuff. Now if the guys over at Engadget could get someone to focus on the industry...
Posted by pschlampp (1 comment )
How DARE Cnet Tell The Truth! :-)
Everybody knows that Apple is 100% perfect, and never, ever, has any security flaws, or design flaws, or manufacturing flaws... -lol
Posted by john55440 (1020 comments )
Fan boys come out in droves
1. Is there a flaw? Yes
2. Is there code to exploit it? Yes

So now shut up and take it. You jump on MS when news like this comes out but can't eat your own.

I laugh at all of you ignorant people that think your toys aka macs are invulnerable. Keep your head in the sand.
Posted by Oleg Simkin (53 comments )
I wouldn't say that
I can't help but laugh at the irony of someone accusing others of the behavior they themselves are displaying.

Proof of concept exploits like this are developed for Windows on a nearly daily basis. If "mac fanboys" were to "jump on MS when news like this comes out" they wouldn't have time for doing anything else.
Posted by Fray9 (547 comments )
Trolls come out to play
Talk about the pot calling the kettle black.

If you had a point to make about the zealotry of the Mac faithful,
you could have done so without calling Macs 'toys'. That makes
you look somewhat petty, and is hardly going to make someone
'shut up and take it'.

Personally, I'm not going to lose any sleep. I will still take a
system that now has ONE known live exploit and say it is LESS
vulnerable. Not invulnerable but LESS vulnerable. Bit like no car
is thief-proof but some of them are very easy to steal.

As for 'toys' - toys are good, toys are fun. Machines are for dull
people. Toys that run Unix are even better.
Posted by JulesLt (110 comments )
Macs...
Yea... my earlier post got deleted... so I guess it was a bit too radical.

I'll summarize what was in that post... but say it in a nicer way:P

Macs are not my favorite Operating system... and by owning and occasionally using a mac, I preserve the right to say this.
This is an interesting article as it explains how Macs are not as bullet proof as some say they are.
I predict that, in the future, there will be a BIG mac attack and mac users will have nothing to base their defenses against ridicule on.
OSX has stayed relatively problem free, as most Unix based OS's are.
I am confident that hackers will find a way to break OSX... and this article will give them incentive and encourage them.
let's see if this will get deleted...
oh yea, I also said something like... Mac fans, get rowdy...
I'm expecting replies...
lol
I'm such a poop disturber:P
Posted by PDG1 (24 comments )
Apple's Bad Press.
The reason why Apple refuses to comment on this article is
because simply, it's not news! They've been fairly diligent when it
comes to updating security for their software. Not to mention
answering the press's concerns with Apple's far east IPOD
factory dealings. They stood their ground to say the least.

So why the Bad Press?

Well you only need to look no further than the next article about
Microsoft's Office 2007 delay. It's seemingly to me a cover story
to put less shame on the black sheep of innovation, Microsoft.
Posted by ServedUp (413 comments )
Who are really the uneducated ones here?
Is it the researchers/publishers that share their valid findings for MAC exploits... or those that refuse to believe that their MAC's are at risk?
Posted by 00rb (11 comments )
No no -- simply a stupid story
nt
Posted by mgreere (332 comments )
MAC?
In what way does this put the Medium Access Control (MAC) at risk?
Do you even know anything about computers?
Posted by DeusExMachina (516 comments )
c|net pimping for Symantec?
Are you guys pimping for Symantec or just trying to destroy your
credibility with alarming but false headlines?
Posted by Aan02860 (2 comments )
Irony
Pimping for Symantec...While I was considering this, I noticed to the right a large advert for -- you guessed it -- Symantec anti-virus/security software. I can only hope the reason c|net exists is to give CS-dropouts employment and give jaded readers something to jaw about.
Posted by SNGecko (9 comments )
who cares if macs are at risk?
they're still better computers.
Posted by hatandglasses13 (68 comments )
Why is this news? Already fixed in 10.4.7
This was already patched. Everyone should have updated to 10.4.7 already.
Posted by aristotle_dude (165 comments )
Setting the record straight - again.
Kevin Finisterre, founder of security startup Digital Munition
referenced in this article was interviewed by Security Focus on
2/27/06 (See http://www.securityfocus.com/columnists/389)

Since this Cnet article appears to needlessly try and resuscitate
the Bluetooth InqTana worm scare, the following excerpt from
Finisterre's interview is worth noting:

Q. In your paper, it sounds like both 10.4 and 10.3 were
vulnerable, but aren't any longer. Is that right?

A. The Bluetooth bug that InqTana exploits has been patched for
some time now.

In the same interview, Finisterre remarks about the less than
vigorous tendencies journalists have pertaining to accurate
reporting of software security issues:

Q. Did any antivirus company acknowledge that this was a lab
creation that would have a hard time spreading? Do you think
the vendors treated this well or as a marketing ploy?

A. Although blatantly mentioned in most of the antivirus threat
notices, you will find that folks are still implying that the code
will actually spread. I think this is a bit misleading. The fact of
the matter is that InqTana is not spreading and physically cannot
(spread) without a third party making their own variant.
Headlines like New Mac Worm Spreads Via Bluetooth and Second
Apple worm targeting Macs found are slightly skewed. First, the
code is not spreading in any sense of the word nor was it
"found" anywhere. Since most articles are copied and pasted from
the same source, you will find that a number of sources correctly
identify this as "proof of concept." Quite a few folks actually
mention the fact that it is both time limited and crippled to a
specific set of Bluetooth addresses.

Unfortunately, not here. The present Cnet article continues the
"accuracy be damned" approach and relies on sensationalistic
claims while downplaying the actual (proof of concept) nature of
the issue. And in the present case, an issue for which nothing
exists in the wild and an issue for which a patch (10.4.7) has
already been released.

Once again. Windows users can only dream that they have it this
good.
Posted by Terry Murphy (82 comments )
What's sad is that you're not being sarcastic.
The same old lines - it almost seems like you're making fun of the "oooh, the fanboys are out...head in the sand...toy computers..."

Haters are becoming a self-parody.
Posted by M C (598 comments )
Apple stays on top of security issues.
That would have been the correct headline. Anything else is
disinformation.
Posted by Tui Pohutukawa (366 comments )
So called Security Researchers
Is it just me or are these so called Security Researchers/experts
just trying to drum up publicity for themselves and increase
sales? Why in the world would anyone with any integrity and
truly interested in security first publicly announce a security
flaw and then show everyone how to do so - particularly after
Apple released a patch? How is this different from hackers that
write viruses, worms, bots, etc. aside from hiding behind the
"expert" moniker? If the expert were truly concerned about
security they would contact Apple and if Apple wasn't
responsive, then make a public announcement of the "proof of
concept", but for what reason would you ever release the attack
code. If I decided that the US government wasn't taking the Bird
Flu seriously and I released several infected birds into the
population just to draw attention to the point to the government
inaction, would you call me a terrorist?
Posted by canettijazz (44 comments )
Not necessarily true
Many researchers work very hard to find these exploits. When these are reported to companies, they neglect to fix the problem or delay fixing the problem. Many times, these researchers are not provided with at least minimal credit for their hard work. Releasing information publicly forces a company to issue a patch.
In this specific case, apple issued a patch and the researcher issued a proof of concept attack. After all the researcher needs some credit for all the hard work!!!
Posted by Tanjore (322 comments )
The answer is simple
Listen to what apple said, "keep your computer up to date with patches." Please note that in the past, viruses have been written for exploits even after the patch to fix it has been released. Those computers that did not get the updates were vulnerable to the virus.

Computers that are up to date on OS patches and antivirus software dramatically reduce the risk of infection by a virus. It's rather simple to do, people. Why create so much friction over such a simple solution?
Posted by Seaspray0 (9714 comments )
Sounds like people are worried about reputations.
It sounds like a lot of Macintosh users want this kept hush hush so they can continue to make arguments that Macs don't have flaws, don't need user awareness or spyware tools etc. I agree it's not a big deal and I never got a feeling from the article that they were trying to make this into a huge issue. But there is nothing wrong with mentioning it so it makes me wonder if Mac fans prefer that issues like this be kept from the public like a certain corporation does.
Posted by Akiba (220 comments )
It is a big deal
You wouldn't know it from the article but,

1. There is no exploit in the wild for this.

2. It can not cause any trouble even if it somehow got on a mac.

3. This is just a lab finding for a problem already fixed.
Posted by qwerty75 (1164 comments )
FUD, FUD, FUD.
People, articles like this are part of a concerted attack. The PC industry feels threatened by what it rightly perceives as a serious threat, and they are doing their dirty, lowdown best to steer you away from buying a Mac.

The Sky Is Falling!! The Sky Is Falling!! This so-called exploit is such a laughable excuse for the press to sound the alarm. "Attack Code For Apple Flaw?" "Trojan attack?" The hole was already patched before the exploit was released! Even if you were at risk, you would still have to give the infecting app *permission* to run with escalated privileges before it could possibly affect you!!

Contrary to what the Microsoft/Symantec tools would have you believe, it's been *six years* since the introduction of Mac OS X and there is *still* not a single virus, trojan or spyware affecting Mac OS X in the wild. None. Zero. Zip. Nada. It's all manufactured, made-up Fear, Uncertainty and Doubt.

The Mac is not impenetrable, but unlike Windows, it is very, very secure. In real life on a Mac, there is simply no need for virus software or for concern that you might be infected. It just doesn't happen.

If you're thinking of buying a Mac, then you're to be commended for thinking for yourself and ignoring the desperate, clutching PC anti-virus software makers who are afraid they're about to lose you as a captive customer.

Stop bankrolling the virus-peddlers. Get A Mac. Welcome to computing as it's supposed to be.
Posted by MacPinchi (7 comments )
Beautiful
Nicely said. :)
Posted by TheConfuzed1 (1 comment )
Nothing to see here
First, this "proof of concept" is for a Trojan, not a virus. Second,
there is no attack code in the wild. Third, even if it got into the
wild, it would have a great deal of trouble spreading.

Once again, CNET foists a hoax on Mac users. I'm guessing CNET
editors have lots of Symantec stock they're trying to shore up.
Posted by Macsaresafer (802 comments )
Nothing to see here but poor journalism
First, this "proof of concept" is for a Trojan, not a virus. Second,
there is no attack code in the wild. Third, even if it got into the
wild, it would have a great deal of trouble spreading.

Once again, CNET foists a hoax on Mac users. I'm guessing CNET
editors have lots of Symantec stock they're trying to shore up.
Posted by Macsaresafer (802 comments )
DOWN WITH THE MAC!:D
haha! that's right:D

Macs are for people who hate learning
I own a mac... I hate the bageezuz out of it...
It doesn't let me do anything I want to do, I find the interface is too awkward and to top it off the original aqua theme is ugly.
heck... I like Damn Small linux more than a mac
and this exploit is indeed proof that apple isn't unbreakable
I've been waiting for a story like this to come out for a while now...
given... there is no exploit now. But this will put more eyes on apple and give hackers and other malwareitious people more incentive to code for the apple's destruction.
Mark my words... there will be a big one.
I expect replies
hold nothing back mac fans:D
Posted by PDG1 (24 comments )
Sorry.....
Dumb ***** are generally ignored.
Posted by Earl Benser (4310 comments )
Hey! it wasn't deleted:D
geez.. it wasn't deleted... now I feel stupid:P
don't worry, guy...
I'm used to it:(
*sniffle*
but now that I have two posts... one that's really offensive.. and one that is partially non offensive...
I wish the offensive one was gone...
poo
please forgive my out of place comments and foul temper:P
it's early in the morning.. my girlfriend went back to Austria and I'm still hungry...
Posted by PDG1 (24 comments )
 
