Second OS X virus exploits Bluetooth flaw

Second Apple worm emerges

Security experts have reported a new Mac OS X proof-of-concept virus that spreads using a known vulnerability in the way that the Apple operating system handles Bluetooth wireless communications.

F-Secure referred to the worm as OSX/Inqtana, and emphasised that it is only a proof of concept and is unlikely to cause any damage.

"Inqtana.A has not been seen in the wild and uses the Bluetooth library that is locked into a specific Bluetooth address and the library expires on 24 February 2006. So it is quite unlikely that Inqtana.A would be any kind of threat," said Jarno Niemela, a researcher at F-Secure's laboratory. 

Apple provided a security patch for the exploited vulnerability in June 2005. The worm poses only a limited risk as the user is prompted to accept the file. 

On infection the online pest installs itself in a directory where it is automatically activated on the next system reboot.

F-Secure urged OS X 10.4 users to upgrade their systems, and posted instructions on its website on how to remove the worm. The security vendor does not offer any Mac antivirus products. 

Inqtana.A is the second virus in as many days to target Apple's OS X. Last Thursday virus companies reported seeing the Leap-A worm in the wild.

Individuals on Mac forums blasted the report, claiming that Leap-A was a Trojan and not a worm. Apple also argued against the 'worm' moniker because it requires the user to download the application and manually execute the file.

But several security vendors, including F-Secure, Symantec and Sophos, persisted in describing the pest as a worm because it self-propagates using the iChat instant messaging client. 

Critics also downplayed the report because the worm did not exploit any software vulnerabilities but relied on social engineering to infect systems.