“An exploit for one of the 15 vulnerabilities patched by Apple on Friday has been posted to a malware Web site, Symantec said Monday,” Gregg Keizer reports for TechWeb.
“The code, which has appeared on the ‘milw0rm‘ site, exploits a bug that Apple Computer identified within the operating system’s kernel,” Keizer reports.
“‘The exploit payload executes /usr/bin/id, and as such would need to be replaced with a more useful payload to be used effectively,’ noted Symantec in an alert to customers of its DeepSight threat system,” Keizer reports.
Keizer reports, “Apple patched the flaw in the Mac OS X 10.4.8 upgrade it rolled out on its download site and made available via automatic update on Friday.”
Full article here.
MacDailyNews Take: This is not the first time time malware for already-patched systems (for Mac, Mac OS X, Windows, Linux, etc.) has appeared – and it certainly won’t be the last. In related news, a Mr. J. Sixpack of East Bumfsck, Ohio, solved last week’s NY Times crossword puzzle just days after The NY Times published the answers. Congrats!
Note to Mac OS X users: run Software Update or click the related article below for links to update your systems. Note to all personal computer users: keep your system up-to-date and do not download, install and run software from untrusted sources.
Related article:
Apple releases Mac OS X Tiger 10.4.8 – September 29, 2006