Mac OS X proof-of-concept worm maker blasts Apple on security

“The anonymous researcher who claims to have crafted a [proof-of-concept] Mac OS X worm said today that he (or she) will report his findings to Apple Inc., but added that the Cupertino, Calif.-based company ‘has a very long way to go’ on security,” Gregg Keizer reports for Computerworld.

“Identified only as the researcher behind the Information Security Sell Out blog, the individual on Sunday announced that a still-unpatched bug in mDNSResponder, a component of Apple’s Bonjour automatic network configuring service, could be exploited by a worm,” Keizer reports. “According to the researcher, the worm is fully automated and ready to use.”

“Another researcher, however, questioned whether the anonymous individual crafted the worm in only a few hours, as claimed. ‘Writing the exploit in one day… unlikely for anything other than a stack overflow,’ said Dave Aitel, the chief technology officer at Immunity, Inc.,” Keizer reports.

“Like other researchers who have grown tired of claims that Mac OS X is more secure than rival operating systems, the anonymous individual saved a last shot for Apple. Although he said he will report the newfound vulnerability to Apple at some point, he has no timetable at the moment. ‘I do believe in being responsible and working with vendors,’ he said, ‘but I also feel that some vendors need to be treated like children and learn lessons the hard way. Apple has a very long way to go when dealing with security issues in their products,’” Keizer reports.

Keizer reports, “Apple spokesman Anuj Nayar offered a rebuttal in an e-mailed statement. ‘Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users,’ he said.”

Full article here.

MacDailyNews Take: Treating Apple like a child by acting like one.

48 Comments

  1. Of course he’s gonna blast Apple – he wants the fame and the size of his e-peen increased.

    The guy is just another wannabe looking for his 15 minutes of fame.

    Ignore the parasite and he will go away.

  2. interesting…a PROOF OF CONCEPT worm by an ANONYMOUS researcher.

    …yeah…Apple’s got a long way to go if ONE ANONYMOUS researcher made a PROOF OF CONCEPT worm.

    huge holes…Apple you really need to step up to the standards set by Microsoft. they would never allow a PROOF OF CONCEPT worm by an ANONYMOUS user. Instead you should allow worms, leaks, holes, bugs, risks, viruses, malware from people who are proud of their work and publish their names all over!

  3. Force quitting it has no effect, it will auto-restart.

    mDNSResponder is Open Source.

    This trick should work, however I don’t have the code to restart it. Your own risk.

    Disable mDNSResponder:

    sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

  4. This is funny, anyone who claims to have exploited holes in OS X is a “BIG DEAL” for them because almost nobody can do it… but for Windows hackers.. it is just another day, there is no big deal in hacking a Windows computer, anyone can do it.
    The other side of the story is that even after hackers claim to have hacked OS X, no user has reported a problem, but even before a hacker claims to have hacked a Windows error, every Windows user is having the problem… No, it is not the same to have vulnerabilities in OS X as having them on Windows.

  5. I figured out how he made a worm that negatively affects Apple. The worm logs into the M$ main server farm and causes a resignation letter to be sent from Ballmer’s account to the board members of M$.

    Just my $0.02
