An anonymous security researcher claimed this weekend to have created a worm that exploits a vulnerability in the Mac OS X operating system which Apple missed in a May round of patches.
A poster on the Information Security Sell Out blog said Sunday that he or she had written a proof-of-concept worm "in a few hours" that exploits a variation of a vulnerability patched in May by Apple.
According to the researcher (actually, in one posting, "writers" is used so there may be more than one contributing), he or she exploited a still-unpatched bug in mDSNResponder, a component of Apple's Bonjour automatic network configuring service, in the worm's code. "This vulnerability, as with the ones fixed, gives remote root access," the researcher said. Apple's May security update, 2007-005, included a fix for the mDSN bug.
Info Sec's blogger(s) said the worm was also "very 'customer' specific" and crafted for cash. "[It] could easily be changed to be more malicious," said the researcher.
The same blogger made a minor stir in April when, after a $10,000 security conference contest concluded, he or she claimed to have grabbed the exploit from the conference wireless network and reverse-engineered the vulnerability. Conference organizers, however, denied that the wireless network had been cracked. When asked to back up his or her claims, the Info Sec blogger only replied: "There is no real benefit to me in doing so. I am not one who cares if people believe my claims or not."
In the same comment thread, the Info Sec blogger also promised to post the captured packets and other information "Once this bug is patched by Apple and I am satisfied that I would not be adding additional risk." Apple patched the QuickTime vulnerability May 1. The Info Sec blogger has not yet, however, posted the nicked network traffic.
Attempts to reach the Info Sec blogger via e-mail were unsuccessful.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
Recommend This
