Crunch time for Apple OS security

    Date: 09 Jul 2002
    Posted By: Anthony Pell

    "Exploiting this vulnerability can lead to root compromise on affected systems. These are known to include Mac OS 10.1.X and possibly 10.0.X," said Harding. Harding has released a full exploit for this vulnerability in a bid to "convince Apple that it needs, at the very least, some basic authentication in SoftwareUpdate". The package includes everything needed to impersonate the update site.

    The update mechanism carries out its tasks over plain old HTTP without any form of authentication. "Using well known techniques, such as DNS spoofing, or DNS cache poisoning, it is trivial to trick a user into installing a malicious program posing as an update from Apple," warned Harding. DNS spoofing and cache poisoning are methods of fooling a machine into thinking that a rogue computer is legitimate. For those in the know, they are easy to carry out. The vulnerability is further compounded by the fact that Mac OS X updates are installed as root.
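
The authentication the article says SoftwareUpdate lacks can be as simple as a signature check against a public key pinned in the client. The following is an added example, not code from the article, Harding or Apple: a pure-Python RSA PKCS#1 v1.5 check in which the key (built from two public Mersenne primes, so deliberately insecure), the function names and the payloads are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key: both factors are well-known Mersenne primes, so this
# key is NOT secret or secure. It stands in for a vendor signing key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public half, pinned in the client
D = pow(E, -1, (P - 1) * (Q - 1))        # private half, vendor side only
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER prefix of the SHA-256 DigestInfo used by PKCS#1 v1.5 signatures
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(package: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(package), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(package).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def vendor_sign(package: bytes) -> bytes:
    """Vendor side (hypothetical): sign the package with the private key."""
    return pow(int.from_bytes(_encode(package), "big"), D, N).to_bytes(K, "big")

def signature_ok(package: bytes, sig: bytes) -> bool:
    """Client side: verify against the pinned public key (N, E)."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return False
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    # Compare the whole encoding instead of parsing the padding.
    return hmac.compare_digest(recovered, _encode(package))

def install_unauthenticated(package: bytes, sig: bytes) -> str:
    """Behaviour the article describes: whatever the server sent is installed."""
    return "installed as root"

def install_verified(package: bytes, sig: bytes) -> str:
    """Hardened flow: nothing runs as root unless the signature verifies."""
    return "installed as root" if signature_ok(package, sig) else "rejected"

if __name__ == "__main__":
    genuine = b"constructed genuine update payload"
    sig = vendor_sign(genuine)
    swapped = b"constructed payload from an impersonating server"
    print("unauthenticated client, swapped payload:", install_unauthenticated(swapped, sig))
    print("verifying client, swapped payload:      ", install_verified(swapped, sig))
    print("verifying client, genuine payload:      ", install_verified(genuine, sig))
```

Because the check covers the package bytes themselves, a download redirected through spoofed DNS yields a payload that fails verification regardless of the transport it arrived over.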
