01 Jul 2006
Security experts have identified malware which exploits a flaw in the Mac OS X operating system.
Apple released a patch to fix the flaw just a few days ago. However, exploit code for the vulnerability has been posted on security websites, prompting the creation of the malware.
Antivirus firm Symantec said that OSX.Exploit.Launchd is a Trojan that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability. It can provide root access on Mac OS X version 10.4.6 or earlier.
The virus does nothing other than open a shell with full root privileges which is controllable by the attacker. A successful attack may crash the application.
Symantec said that the actual threat level, damage potential and distribution rate are low all round.
Symantec has published instructions for the removal of OSX.Exploit.Launchd on its website.
Do you agree?
Errr. Not entirely accurate
OSX.Exploit.Launchd isn't malware and Symantec haven't actually found a trojan or 'instructions on how to remove it'. The code Symantec refer to is proof of concept code that was published to explain what was being fixed!! It is not malware in the slightest as it doesn't do anything! Symantec's article is highly misleading.
Posted by: John M 03 Jul 2006
OMG...the sky is falling!
From MacFixIt:
OSX.Exploit.Launchd: A false security flag
Earlier today, Symantec issued an alert regarding a "new" Mac OS X trojan dubbed "OSX.Exploit.Launchd," an alleged Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability. The problem is there is no such "trojan" in the wild, nor has anyone's machine been exploited. In fact, Symantec's "discovery" of this vulnerability only came about because Apple released Mac OS X 10.4.7, which precludes the exploit by patching the Mac OS X launchd process. The vulnerability was hence published by SecurityFocus (CVE-2006-1471), which called the "trojan" to Symantec's attention. Oddly enough, Symantec's page describing the "trojan" does not even mention that applying the Mac OS X 10.4.7 update will plug this security hole, but instead offers some strange workarounds like: "Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files" and "Turn off and remove unneeded services." To recap, there is no threatening exploit in the wild, and the vulnerability has been patched in Mac OS X 10.4.7.
Posted by: Jeffsters 02 Jul 2006
This is an outright lie!
You wrote: "Security experts have warned that malware which exploits a flaw in the Mac OS X operating system has been spotted in the wild." This is a lie! Apple patched a vulnerability that nobody knew about and Symantec THEN a day later said there was a Trojan in the wild, which is a lie. They can't produce any such thing. After Apple's patch they figured out what was vulnerable and simply issued this lie, just as they have lied repeatedly recently that there were viruses etc. in the wild. Every claim has turned out to be a lie. The only code found were viruses and trojans Symantec was writing created in their labs. Sounds like Microsoft. No Mac user would ever use Symantec virus software because all their shit does is open a back door into your computer. There is NO malware affecting OS-X in the wild at all. If there ever is a threat Symantec has destroyed any credibility they might have ever had. Articles like this are just bait to keep the Windows Drones and fanboys happy, misinformed and stupid. Mac users are unaffected.
Posted by: Sid Singleton 02 Jul 2006
VERY low security risk
They rated it as a low security risk for a reason. The attacker has to already have a user account on the computer in question. The vulnerability only allows someone with a low level account to elevate that account to ROOT. No user account, no access.
Posted by: Scott 02 Jul 2006
More FUD to drum up business
Once again a company with a vested interest in selling product attempts to create something from nothing. Check your facts before you propagate falsehoods.
Posted by: Lynn 01 Jul 2006