
07/02/2006, 2:05pm, EDT

Sunday, July 2nd

Symantec warns of new OS X trojan horse

Symantec on Friday issued an alert warning Mac OS X users of a new Trojan horse that looks to exploit the recently described (and patched) Launchd vulnerability, which could provide root access on Macs running Mac OS X 10.4.6 or earlier. Security Focus adds that a successful attack may crash the application or lead to arbitrary code execution. Symantec's alert notes that OSX.Exploit.Launchd is a Trojan horse that exploits the Mac OS X LaunchD Local Format String Vulnerability, which was described only after Apple patched its OS earlier this week. The flaw was patched in the Mac OS X 10.4.7 update issued earlier this week by Apple. Separately, Apple re-released its Mac OS X 10.4.7 update for Intel-based Macs to address some missing OpenGL files in the initial version of the update.


Filed under: troubleshooting




18 comments
Another Ghost Story
0
07/02, 3:00pm, EDT
From Symantec's website:

When OSX.Exploit.Launchd is executed, it performs the following actions:

1. Exploits the Apple Mac OS X LaunchD Local Format String Vulnerability (as described in Security Focus BID 18724) which may elevate the privileges of a remote attacker's local account on an Apple Mac OS X computer.

Wait a sec.... MAY elevate the privileges of a remote attacker's LOCAL ACCOUNT?

So how is some evil hacker going to get a LOCAL ACCOUNT on my Mac? Sounds kinda like that stuff we heard of a while back where some guy challenged anyone to hack his Mac.... but first gave them a local account to play in.

Nudge me when I'm really threatened.
Fresh-Faced Recruit
Joined Dec 2002
gee whiz
0
07/02, 4:38pm, EDT
so in other words it is remotely possible for you to be hacked by someone that you know and have given an account to on your computer.

I guess now my locksmith and security company would like to sell me more products because I could be harmed or robbed by somebody that I invite into my house and give a key.

Now I realize it is a threat of some degree because you don't want users getting more permissions than you have assigned but come on this is nowhere near a major deal. The first rule of security is don't grant access to people you don't trust.
Fresh-Faced Recruit
Joined Jul 2002
not much for home users..
0
07/02, 5:56pm, EDT
This can be a major problem for admins in situations where people who can't be trusted must be given accounts - like a school setting, or a large business.

It's a nice theory that you shouldn't give access to people you don't trust, but sometimes you have to.
Fresh-Faced Recruit
Joined Sep 2001
Symantec should
0
07/02, 7:11pm, EDT
go f**k themselves and learn a thing or two about how real operating systems work. Stay on Winshit Symantec, it's more your cup of soup.
Fresh-Faced Recruit
Joined Apr 2005
Useless
0
07/02, 8:24pm, EDT
See MacFixIt.com's commentary on this warning... An effective non-event!

http://www.macfixit.com/article.php?story=20060630141843699
Fresh-Faced Recruit
Joined Dec 2001
Re: another ghost story
0
07/02, 11:10pm, EDT
Wait a sec.... MAY elevate the privileges of a remote attacker's LOCAL ACCOUNT?

So how is some evil hacker going to get a LOCAL ACCOUNT on my Mac? Sounds kinda like that stuff we heard of a while back where some guy challenged anyone to hack his Mac.... but first gave them a local account to play in.


That's right. Since it doesn't affect YOU, then it's a non-story. I guess what you're saying is that no Macs are in any type of enterprise or multi-user environment?

Oh, and did you notice that this was called a Trojan Horse? A trojan horse is an app that looks like an innocuous program that actually has an "evil" payload. As such, if they can get you to run the program (not an incredibly hard effort), they can screw with launchd, have your local account's permission escalated, thus allowing THE PROGRAM to then issue commands under the escalated accounts.

Oh, and remember that because the bug causes an escalation, depending on the activity, no admin password is prompted to install other software/kexts on your system.

But, I forgot, this is the Mac OS. We're perfectly safe. All Mac users are 1000 times more intelligent than other computer users, so there's no way they'd be stupid enough to install a virus or run Trojan.app. We don't have to worry about anything!
Fresh-Faced Recruit
Joined Nov 2000
Oh, and...
0
07/02, 11:12pm, EDT
don't be talking about how this is already fixed by Apple. Most of the viruses/trojans/worms on Windows take advantage of "fixed" problems. The thing is, not everyone installs updates. Especially security fixes that are part of a larger system update.
Fresh-Faced Recruit
Joined Nov 2000
Re: louzer
0
07/03, 12:46am, EDT
> The thing is, not everyone installs updates. Especially security fixes that are part of a larger system update.

Well then those idiots deserve to be hacked. Not installing security updates is your own blunder. Not Apple's problem.

And you louzer, are a friggin idiot. How come morons like louzer or testudo only post here and don't have the balls to face a real discussion in the forums?
Posting Junkie
Joined Nov 2000
Sure...
0
07/03, 3:38am, EDT
I'm not going to say that Mac OS X is impenetrable, because it's not. I'm not going to say OS X is easy to hack, because it's not.

While this isn't much of a threat now, it could have been given that a hacker used it on an account that didn't have a password.

It would be a matter of finding the account names and finding at least one that didn't have a password. Meaning local access doesn't necessarily mean they've had access to the computer before.

OS X isn't going to be virus free forever. It's just that up until now, no one's really cared to make viruses for OS X. That's slowly starting to change.

And sure, it wasn't really released, but just imagine if it was. How about people that have an account that doesn't have a password on their computer. Not because they're idiots, or anything, they just don't have one, like an account for the kids, or for troubleshooting, or as an account for visitors. There you go, there's the problem. One account without a password, and all you need then is the person to be running OS X 10.4.6, and the virus on it, and boom, admin privileges.

The point is, OS X isn't going to be immune to viruses forever, it's when the hackers start writing the viruses and releasing them to the wild is when that's going to end.
Fresh-Faced Recruit
Joined Jul 2006
Nice job Symantec
0
07/03, 8:52am, EDT
Read this...

"The problem is there is no such "trojan" in the wild, nor has anyone's machine been exploited. In fact, Symantec's "discovery" of this vulnerability only came about because Apple released Mac OS X 10.4.7, which precludes the exploit by patching the Mac OS X launchd process."

Thank you macfixit.com for some actually useful information.
Fresh-Faced Recruit
Joined Sep 2000