[ISN] Mac OS X Exploit Rapidly Follows Patch

From: InfoSec News (alerts@private)
Date: Fri Jun 01 2007 - 00:37:40 PDT


http://www.eweek.com/article2/0,1895,2138304,00.asp

By Brian Prince
May 29, 2007

Security research firm Immunity released exploit code for a serious bug 
affecting Mac OS X less than 24 hours after Apple released a patch for 
it.

The flaw is a buffer overflow vulnerability in the UPnP Internet Gateway 
Device Standardized Device Control code used to create port mappings on 
home NAT (Network Address Translation) gateways in the OS X 
mDNSResponder implementation.

Apple issued a patch for the vulnerability late in the week of May 21. 
The flaw, one of 17 security issues addressed by the company in the 
update, could lead to the remote execution of code. It affects Mac OS X 
v10.4.9 and Mac OS X Server v10.4.9.

The exploit was made available on May 25, less than 24 hours later, to 
members of Immunity's partner program.

"So essentially [it's] a reliable remote root on everyone at Starbucks 
or on all those OS X fiends at security conventions," Dave Aitel, chief 
technology officer for Immunity, based in Miami, wrote in a posting 
about the exploit. "The Immunity exploit will do so on either PPC or 
Intel, your pick, and since the service restarts, you get to pick 
twice."

Jose Nazario, a software and security engineer at Arbor Networks, based 
in Lexington, Mass., said it was unusual for an exploit of a Mac 
vulnerability to be released so quickly.

"I don't know of any others that have been quite that fast, within a day 
or two," Nazario said, adding that Mac OS X has increasingly become a 
source of interest for hackers and security researchers alike.


5B5B
_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Fri Jun 01 2007 - 00:42:04 PDT