“Anti-virus maker Symantec Corp. is warning that it has detected a new piece of malware that tries to exploit a flaw in Mac OS X systems that Apple Computer Inc. released a software security update to fix just three days ago,” Brian Krebs reports for The Washington Post.
“‘OSX.Exploit.Launchd,’ is a ‘Trojan horse’ program that exploits a security hole in OS X’s ‘launchD’ service, which controls which programs should boot up whenever a user restarts a Mac. According to Symantec, this exploit provides the attacker root access — or total control — over any Mac system running OS X version 10.4.6 or earlier,” Krebs reports.
Full article here.
In an article breathlessly and hyperbolically headlined, “Attack code out for Apple flaw” Joris Evers reports for CNET News, “Attack code that exploits a flaw in Apple Computer’s Mac OS X was publicly released Wednesday, increasing the urgency to patch… On Tuesday, Apple delivered Mac OS X 10.4.7. The operating system update repairs a total of five flaws. Four of them affect both the client version of Mac OS X. The other, in the ClamAV antivirus software, has an impact on the server release.”
MacDailyNews Take: “Four of them affect both the client version of Mac OS X?” They can’t even write coherent sentences to support the FUD.
Evers presses on, “The exploit was created by Kevin Finisterre, a security researcher at Digital Munition. Earlier this year, Finisterre created the Inqtana worm, which targets Mac OS X and spreads using an 8-month-old vulnerability in Apple’s Bluetooth software (see Patched in mid-2005 by Apple, Symantec warns ‘Inqtana-A’ worm could be ‘beginning of a trend’ – February 20, 2006). His actions are in part to demonstrate that Apple software is not unbreakable, he has said.”
MacDailyNews Take: Ah, the wonderment! Behold the massive and unparalleled coding skill required to create proof-of-concept Mac OS X malware anytime after Apple discloses the flaw and fixes it.
Full article, along with Evers and CNET being appropriately schooled by the majority of their readers in the feedback section, here.
MacDailyNews Take: In related news, Biff Tannen found Marty McFly’s sports almanac that Doctor Emmett L. Brown threw out because McFly wanted to use it in conjunction with the DeLorean time machine to make a bundle in sports gambling. Amazingly, Tannen then stole the DeLorean and used it to give the book to himself at some point in the past! Tannen used the almanac’s info – which contained final scores for games yet to be played – and became fabulously rich. Tannen now controls all of Hill Valley along with the desperate Symantec and their CNET lackeys.
Note: Apple on Tuesday released an update that closes the security hole that this unreleased proof-of-concept Trojan would exploit if it had ever been released in the wild before Mac OS X 10.4.7. Mac OS X users can update to Mac OS X 10.4.7 via Mac OS X’s Software Update or via standalone installers for which download links can be found here. As usual, we recommend that users keep their operating systems up to date.
Advertisements:
• Introducing the super-fast, blogging, podcasting, do-everything-out-of-the-box MacBook. Starting at just $1099.
• Get the new iMac with Intel Core Duo for as low as $31 A MONTH with Free shipping!
• Get the MacBook Pro with Intel Core Duo for as low as $47 A MONTH with Free Shipping!
• Apple’s new Mac mini. Intel Core, up to 4 times faster. Starting at just $599. Free shipping.
• iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.
• iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
Related articles:
Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
Apple releases Mac OS X 10.4.7 Update – June 27, 2006
Apple Macs and viruses: Fact vs. FUD – May 26, 2006
Symantec Antivirus software flaw allows hackers to seize control of PCs without user interaction – May 25, 2006
‘Mac security’ garbage reports continue to proliferate – May 10, 2006
ZDNet: Reduce OS X security threats – ignore security software – May 05, 2006
McAfee announces virus protection for Intel-based Apple Macs – May 05, 2006
BusinessWeek: New Apple Mac ads stir up Mac security overreaction – May 04, 2006
Unix expert: Mac OS X much more secure than Windows; recent Mac OS X security stories are media hype – May 03, 2006
Macs and viruses: the true story – May 02, 2006
Anti-Mac FUD machine shifts into overdrive – May 01, 2006
FUD Alert: Viruses don’t catch up to the Mac – May 01, 2006
BusinessWeek: Apple should hire security czar to combat uninformed media FUD – March 09, 2006
Spate of recent Mac security stories signal that Microsoft, others getting nervous – March 06, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
Why pay Symantec for flawed ‘security’ app designed to protect Apple Macs from nonexistent threats? – December 27, 2005
‘Highly critical’ flaw in discovered in Symantec AntiVirus for Mac OS X – December 21, 2005
Why Symantec’s ‘scare tactics’ don’t worry Mac users – September 28, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005