Home > Articles > New worm in Mac OS X

New worm in Mac OS X

August 2nd, 2007
Goto comments

The anonymous researcher claims to have found a new vulnerability of Mac OS X and added that Apple (the creator of Mac OS X) has a very long way to go on security. The report of unknown individual said that a still-unpatched bug in mDNSResponder, which is a part of Apple’s Bonjour automatic network configuring service, could be exploited by a worm.

The researcher, in an email interview with computerworld.com said that his or hers bug is in the same code base, obviously, but that is where the similarity to the recently patched issues ends. Although Apple has released some patches to the problems that existed, they there not suitable to the entire code base so there still are a lot of bugs there. Not all of the bugs are exploitable, but it’s a fact that Apple left some unfixed problems.

The worm is considered as fully weaponized exploit and fully automated. Vulnerabilities are exploited on Windows platform and has no difference with the ones seen earlier. The anonymous researcher couldn’t detail the vulnerability. Writing the exploit was quite easy according to the individual and the only difficulty he/she had was finding the bug. 

The individual claimed that he or she crafted the worm in only a few hours. There has been a comment on this statement that “it is unlikely for anything other than a stack overflow”. The statement was made by the chief technology officer who also claimed that a stack overflow in mDNS is perfectly possible; moreover it’s an open source anyway.

According to infoworld.com the last shot was saved for Apple because the individual grew tired of claims that Mac OS X is more secure than rival operating systems. The researcher also said that he/she believes in being responsible and working with vendors, yet he/she also feels that some of them need to be treated like children and learn lessons the hard way.  

Apple spokesman, according to infoworld.com, offered a rebuttal that Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. Yet many users agree that actually Apple has a very long way to go when dealing with various security issues in their products.

Articles

  1. No comments yet.
  1. No trackbacks yet.