/v3-uk/news/1945214/security-experts-warn-mac-os-x-trojan
01 Jul 2006, Clement James, V3
Security experts have identified malware which exploits a flaw in the Mac OS X operating system.
Apple released a patch to fix the flaw just a few days ago. However, exploit code for the vulnerability has been posted on security websites, prompting the creation of the malware.
Antivirus firm Symantec said that OSX.Exploit.Launchd is a Trojan that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability. It can provide root access on Mac OS X version 10.4.6 or earlier.
The virus does nothing other than open a shell with full root privileges which is controllable by the attacker. A successful attack may crash the application.
Symantec said that the actual threat level, damage potential and distribution rate are low all round.
Symantec has published instructions for the removal of OSX.Exploit.Launchd on its website.
OMG...the sky is falling!
From MacFixIt:
OSX.Exploit.Launchd: A false security flag
Earlier today, Symantec issued an alert regarding a "new" Mac OS X trojan dubbed "OSX.Exploit.Launchd," an alleged Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability.
The problem is there is no such "trojan" in the wild, nor has anyone's machine been exploited. In fact, Symantec's "discovery" of this vulnerability only came about because Apple released Mac OS X 10.4.7, which precludes the exploit by patching the Mac OS X launchd process.
The vulnerability was hence published by SecurityFocus (CVE-2006-1471), which called the "trojan" to Symantec's attention.
Oddly enough, Symantec's page describing the "trojan" does not even mention that applying the Mac OS X 10.4.7 update will plug this security hole, but instead offers some strange workarounds like: "Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files" and "Turn off and remove unneeded services."
To recap, there is no threatening exploit in the wild, and the vulnerability has been patched in Mac OS X 10.4.7.
Posted by Jeffsters, 02 Jul 2006
This is an outright lie!
You wrote:
"Security experts have warned that malware which exploits a flaw in the Mac OS X operating system has been spotted in the wild." This is a lie!
Apple patched a vulnerability that nobody knew about and Symantec THEN a day later said there was a Trojan in the wild which is a lie. They can't produce any such thing.
After Apple's patch they figured out what was vulnerable and simply issued this lie just as they have lied repeatedly recently that there were viruses etc in the wild. Every claim has turned out to be a lie. The only code found were viruses and trojans Symantec was writing created in their labs. Sounds like Microsoft.
No Mac user would ever use Symantec virus software because all their shit does is open a back door into your computer. There is NO malware affecting OS-X in the wild at all. If there ever is a threat Symantec has destroyed any credibility they might have ever had.
Articles like this are just bait to keep the Windows Drones and fanboys happy, misinformed and stupid.
Mac users are unaffected.
Posted by Sid Singleton, 02 Jul 2006
VERY low security risk
They rated it as a low security risk for a reason. The attacker has to already have a user account on the computer in question. The vulnerability only allows someone with a low level account to elevate that account to ROOT. No user account, no access.
Posted by Scott, 02 Jul 2006
Errr. Not entirely accurate
OSX.Exploit.Launchd isn't malware and Symantec haven't actually found a trojan or 'instructions on how to remove it'.
The code Symantec refer to is proof of concept code that was published to explain what was being fixed!! It is not malware in the slightest as it doesn't do anything!
Symantec's article is highly misleading.
Posted by John M, 03 Jul 2006
More FUD to drum up business
Once again a company with a vested interest in selling product attempts to create something from nothing. Check your facts before you propagate falsehoods.
Posted by Lynn, 01 Jul 2006