toggle

AAPL Stock: 431.77 ( -0.23 )

http://www.macnn.com/articles/06/06/29/launchd.vulnerability/

Researcher offers details on OS X flaw

updated 05:20 pm EDT, Thu June 29, 2006

 

Launchd vulnerability


A security researcher has provided details on the launchd vulnerability fixed in Apple's latest OS update. The flaw, which was patched in the Mac OS X 10.4.7 update on Tuesday, could allow unauthenticated local users to execute arbitrary code with system privileges. The launchd daemon takes the place of the cron, xinetd, mach_init, and init programs on Mac OS X systems to perform system initialization, call system scripts, and run startup items. The proof-of-concept code offers a facility for launchd to send messages to the syslog daemon via a format string vulnerability that ultimately results in root access to the host system.


by MacNN Staff

Post tools:

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. Feathers

    Grizzled Veteran

    Joined: Oct 1999

    0
    06/29, 06:31pm | report spam | Reply |

    Fixed!

    And this is news how exactly..seeing as it's already been fixed? Nothing to see here, move along!

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0
    06/30, 10:07am | report spam | Reply |

    Re: fixed

    Maybe its because information is good. This way, people can decide whether this vulnerability is dangerous enough to warrant updating all computers to a new, and possibly troublesome, OS update?

  1. johnsonua

    Fresh-Faced Recruit

    Joined: Aug 2003

    0
    06/30, 04:06pm | report spam | Reply |

    Notice the route

    "could allow unauthenticated local users to execute arbitrary code with system privileges."

    This pretty much only applies to computer laboratory systems, with many users on it, because very few home and individually-owned Macs have anything but admin users...

  1. grener

    Banned

    Joined: Jul 2006

    0
    08/04, 11:09am | report spam | Reply |

    gds

    wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw wc4Ujw

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Logitech FabricSkin Keyboard Folio for iPad

Since the fourth-generation iPad didn't evolve much over its predecessor, the market for iPad accessories has remained somewhat static ...

Huawei Ascend Mate

The Huawei Ascend Mate is a phone that fits the screen-size gap between the 4 to 5-inch smartphone and the seven-inch or more tablet, ...

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

toggle

Most Commented

 

Popular News