
OS X Attack Code Released, and iTunes AAC Security Vulnerability Patched

According to News.com, security researcher Kevin Finisterre at Digital Munition has released "attack code" to the public that can locally exploit the launchd daemon.

"Attackers may exploit this issue to execute arbitrary code with elevated privileges," Symantec said in a security alert to customers that was updated on Thursday.


The code affects Mac OS 10.4.0 - 10.4.6 (excluding the recently released 10.4.7 and 10.3.x). The same researcher also created a proof-of-concept Bluetooth-exploiting worm earlier this year. According to News.com, his actions are in part to show that Apple software is not unbreakable.

The article also mentions that iTunes 6.0.5 quietly patches an AAC parsing flaw.

Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files.

Top Rated Comments


73 months ago
another proof of concept. This isn't cool. Eventually someone will release one of these things in a less than sanitary manner.
Rating: 0 Positives / 0 Negatives
73 months ago
How about in English? ;)
Rating: 0 Positives / 0 Negatives
73 months ago

another proof of concept. This isn't cool. Eventually someone will release one of these things in a less than sanitary manner.



at least they released it after it had been fixed by apple.
Rating: 0 Positives / 0 Negatives
73 months ago
More bad publicity for Apple. Shows me that Apple is becoming a threat to the PeeCee world and because of this is coming under increasing PR attacks.
Rating: 0 Positives / 0 Negatives
73 months ago
They have released a virus in a less-than-sanitary manner: Skype. (Leaked Beta) It was an accident, from a bug.. If you want to think of it as a virus, that is.
Rating: 0 Positives / 0 Negatives
73 months ago
Yet another example of why you should always download updates as soon as they are released - they often fix issues, and often highlight previous flaws which some people then take advantage of.
Rating: 0 Positives / 0 Negatives
73 months ago

According to News.com, his actions are in part to show that Apple software is not unbreakable.

So it's not just willy waving then? Oh good. :rolleyes:

Seriously, Apple has one day to get people patched and this 'security researcher' releases exploit code on the web. Well thank you. At least it's only a local exploit.
Rating: 0 Positives / 0 Negatives
73 months ago

another proof of concept. This isn't cool. Eventually someone will release one of these things in a less than sanitary manner.


exactly what i was thinking bro! i like living in my wee bubble...
Rating: 0 Positives / 0 Negatives
73 months ago



As stated indirectly by mlr, still better than Windows. Unfortunately, Apple's high profile is going to make it more of a target, even if the marketshare is as low as it is.
Rating: 0 Positives / 0 Negatives
73 months ago
well since 10.4.7 stops it, no real worries
Rating: 0 Positives / 0 Negatives
