Anonymous researcher boasts of building Mac worm

Exploits bugs Apple missed in May, 'Information Security Sell Out' blogger says

Gregg Keizer (Computerworld)
18 July, 2007 08:09
Comments

An anonymous security researcher claimed this weekend to have created a worm that exploits a vulnerability in the Mac OS X operating system which Apple missed in a May round of patches.

A poster on the Information Security Sell Out blog said Sunday that he or she had written a proof-of-concept worm "in a few hours" that exploits a variation of a vulnerability patched in May by Apple.

According to the researcher (actually, in one posting, "writers" is used so there may be more than one contributing), he or she exploited a still-unpatched bug in mDSNResponder, a component of Apple's Bonjour automatic network configuring service, in the worm's code. "This vulnerability, as with the ones fixed, gives remote root access," the researcher said. Apple's May security update, 2007-005, included a fix for the mDSN bug.

Info Sec's blogger(s) said the worm was also "very 'customer' specific" and crafted for cash. "[It] could easily be changed to be more malicious," said the researcher.

The same blogger made a minor stir in April when, after a US$10,000 security conference contest concluded, he or she claimed to have grabbed the exploit from the conference wireless network and reverse-engineered the vulnerability. Conference organizers, however, denied that the wireless network had been cracked. When asked to back up his or her claims, the Info Sec blogger only replied: "There is no real benefit to me in doing so. I am not one who cares if people believe my claims or not."

In the same comment thread, the Info Sec blogger also promised to post the captured packets and other information "Once this bug is patched by Apple and I am satisfied that I would not be adding additional risk." Apple patched the QuickTime vulnerability May 1. The Info Sec blogger has not yet, however, posted the nicked network traffic.

Attempts to reach the Info Sec blogger via e-mail were unsuccessful.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: Apple, HIS Limited, SEC, VIA

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Three simple steps to better patch security

It’s estimated that 90% of successful attacks against software vulnerabilities could be prevented with an existing patch or configuration setting. Yet patching is a persistent challenge for IT managers. With the glut of patches released each year, how do you know which ones are truly critical security patches and which ones aren’t? And how can you identify which computers are actually missing the patches they need? This paper details a simple approach to patching that gives you better visibility into and control over patch assessment and compliance.

Featured Download