updated 05:20 pm EDT, Thu June 29, 2006
A security researcher has provided details on the launchd vulnerability fixed in Apple's latest OS update. The flaw, which was patched in the Mac OS X 10.4.7 update on Tuesday, could allow unauthenticated local users to execute arbitrary code with system privileges. The launchd daemon takes the place of the cron, xinetd, mach_init, and init programs on Mac OS X systems to perform system initialization, call system scripts, and run startup items. The proof-of-concept code offers a facility for launchd to send messages to the syslog daemon via a format string vulnerability that ultimately results in root access to the host system.