Researcher offers details on OS X flaw
updated 05:20 pm EDT, Thu June 29, 2006
Launchd vulnerability
A security researcher has provided details on the launchd vulnerability fixed in Apple's latest OS update. The flaw, which was patched in the Mac OS X 10.4.7 update on Tuesday, could allow unauthenticated local users to execute arbitrary code with system privileges. The launchd daemon takes the place of the cron, xinetd, mach_init, and init programs on Mac OS X systems to perform system initialization, call system scripts, and run startup items. The proof-of-concept code targets the facility launchd offers for sending messages to the syslog daemon, using a format string vulnerability that ultimately results in root access to the host system.
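The bug class named above, as an added illustration that is not launchd's code or the researcher's proof of concept: a logging call that uses caller-supplied text as the format string, beside the corrected call. The `log_msg` sink, the function names and the sample string are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical syslog-style sink: formats into a buffer so the result can be inspected. */
static int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Weak pattern: untrusted text is interpreted as the format string itself. */
int log_unsafe(char *out, size_t n, const char *untrusted)
{
    return log_msg(out, n, untrusted);
}

/* Corrected pattern: a constant format, untrusted text passed only as data. */
int log_safe(char *out, size_t n, const char *untrusted)
{
    return log_msg(out, n, "%s", untrusted);
}

/* Review/detection helper: count conversion directives other than "%%". */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }  /* escaped percent sign */
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample. It contains only "%%", so the weak call stays defined;
       any other directive would make it consume arguments that were never passed. */
    const char *sample = "backup 100%% complete";
    char a[64], b[64];
    log_unsafe(a, sizeof a, sample);
    log_safe(b, sizeof b, sample);
    printf("unsafe: %s\nsafe:   %s\naltered: %d\n", a, b, strcmp(a, b) != 0);
    return 0;
}
```

The weak call rewrites the message because it parses the input as a format; the corrected call logs it byte for byte.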

Fixed!
06/29, 06:31pm reply
And this is news how exactly... seeing as it's already been fixed? Nothing to see here, move along!
Feathers
Forum Regular
Joined: Oct 1999
Re: fixed
06/30, 10:07am reply
Maybe it's because information is good. This way, people can decide whether this vulnerability is dangerous enough to warrant updating all computers to a new, and possibly troublesome, OS update?
testudo
Fresh-Faced Recruit
Joined: Aug 2001
Notice the route
06/30, 04:06pm reply
"could allow unauthenticated local users to execute arbitrary code with system privileges."
This pretty much only applies to computer laboratory systems, with many users on it, because very few home and individually-owned Macs have anything but admin users...
johnsonua
Fresh-Faced Recruit
Joined: Aug 2003