EFI Posted July 18, 2007

While recent efforts to successfully create a true "virus" through a "complete hack" for OS X have failed on numerous accounts, there have been some accounts of creating application exploits under OS X. The most recent one is documented by an "anonymous" researcher who claims to have a proof-of-concept worm under OS X, which (he says) works by manipulating the mDNS stack in Apple's Bonjour network service. The individual claims that the worm was only created in several hours, and states that the worm is fully automated and ready for use:

"[My worm] is in the same code base, obviously, but that is where the similarity to the recently patched issues ends," said the researcher in an e-mail interview. "When Apple fixed the previous issues, they did not take care of the entire code base and there are a lot of bugs there... some are exploitable, like the one I am using, while others are not. But the fact remains that Apple did a horrible job in fixing this package."

According to the researcher, the worm is fully automated and ready to use. "It would be considered a fully weaponized exploit and fully automated," he said. "This is really no different than other worms we have seen [on the Windows platform]. Other than that, I am not able to give any more details."

Another researcher, however, questioned whether the anonymous individual crafted the worm in only a few hours, as claimed. "Writing the exploit in one day... unlikely for anything other than a stack overflow," said Dave Aitel, the chief technology officer at Immunity, Inc., a Miami Beach-based security company best known for its Canvas penetration testing software. "So most likely he found a stack overflow in mDNS, which is perfectly possible. It is open source, after all."

The researcher who claims to have created the worm didn't detail the vulnerability, but did emphasize that writing the exploit was a breeze. "The hard part is finding the bug," he said. "Once you have found it, it is very easy to exploit. The Bonjour (mDNS) service is UDP [User Datagram Protocol, one of the core Internet protocols] Universal as well, making it even more fun for things like worms."

Full article link

There are several reasons to speculate and doubt the individual's motive and claims behind this worm. Firstly, why keep the anonymity level if this is in fact a real threat to OS X? Previously, Dino Dai Zovi, who was able to create a worm lower in significance to this individual, was appraised for doing such an accomplishment, so when this is at a higher level of threat... why hide the name? Secondly, the individual states that he/she will at some point report it to Apple... not immediately. Why the wait time?

"I do believe in being responsible and working with vendors," he said, "but I also feel that some vendors need to be treated like children and learn lessons the hard way. Apple has a very long way to go when dealing with security issues in their products."

OS X is not invincible, nor invulnerable, but regardless of that above statement however, as of today, this hour, this minute, and this second... the total exploits (viruses) in the wild for OS X (from a time period of 6 years)... still stands at 0. Go figure.

FunkyMunky Posted July 18, 2007

Well, I know I'm going to get my head ripped off and fed to the dogs for this, but...

"Apple Macintosh OS X. Currently, (5 out of 104) are marked as Unpatched with the most severe being rated Less critical"
http://secunia.com/product/96/?task=advisories

Remind me again how this totals 0?

Now for the people who will most likely complain that it doesn't matter as Windows has more..

"Microsoft Windows Vista. Currently, (2 out of 11) are marked as Unpatched with the most severe being rated Not critical"
http://secunia.com/product/13223/?task=advisories

Now am I a big Apple hater/Windows lover coming here just to start a commotion? No.

The simple fact is that a lot of Macintosh users are large fans (which is nothing wrong), and sometimes miss the downsides (it happens) of their particular computer (everything has its downside, you can't argue that. Windows has plenty).

Now just to make sure, EFI, none of that is pointed directly at you, it's just in general, and once again I will stress that I'm not here to stir up a flame war. I have no problems with hearing anyone's side of the argument, as long as it's not angry gibberish.

Kenta Posted July 18, 2007

And yet they still don't have a good security scheme like all Unix-like OSes do. Windows needs some more work, patching exploits won't do anything if you always have administrator access and have a rootkit installed.

FunkyMunky Posted July 18, 2007

I agree that Unix still has the best security. Now when I talk about Windows, Vista is pretty much what I'm talking about. Yes, in XP you always have administrator privileges (if your account is of administrator level). In Vista a lot has changed, especially with UAC (as annoying as it may be, it does its job). This requires the user to give applications permission to run. Not everything is run with administrator privileges in Vista anymore, therefore it's more secure (more secure than OS X? probably not, but that's not up for me to decide) than previous versions.

trav1085 Posted July 19, 2007

True, UAC does its job, but with ALL those dialogs, can you do yours? Without UAC, Vista isn't any more secure than any version of Windows. I use XP, and am not going to switch to Vista because I know I (and what I do) won't find a difference, since I can't work with UAC on.

ميكائيل/ميكا Posted July 19, 2007

LOL, I don't believe this kid! But however, if it's true, PLEASE DON'T GIVE ANY EXPLOIT (CODE) TO THE GERMAN GOVERNMENT, if you know what I mean. The German users might know what I'm talking about.

pyrates Posted July 22, 2007

> True, UAC does its job, but with ALL those dialogs, can you do yours? Without UAC, Vista isn't any more secure than any version of Windows. I use XP, and am not going to switch to Vista because I know I (and what I do) won't find a difference, since I can't work with UAC on.

And you can say the same thing for OS X. Now if you run as a regular user, as I do in Vista, then I have to input the correct username and password to get access. Security begins with the user always.

Colonel Ingus Posted July 24, 2007

> Remind me again how this totals 0?

Because he was talking about VIRUSES not security tweaks

> with UAC (as annoying as it may be, it does its job).

Yeah if its job is annoying you

There's no way to say "never ask me this again about this item." It also creates many problems for applications because they may not successfully install or operate correctly because they expect to be able to write where they are not "supposed" to. They are writing a few shims for some of those programs, but they will never be able to write shims for every single Windows program available so many of them simply won't (can't) install/run correctly.

Unisex Posted July 24, 2007

wtf? I do not understand everything

Kenta Posted July 24, 2007

And Windows still doesn't force you to input a password. In fact, setup doesn't even ask for one. Windows is a mess for security. UAC is the equivalent to pressing a button on a regular window without a popup. I'm sure users don't even have enough time to read what it's for before they click okay, so it's completely useless.

NeSuKuN Posted July 24, 2007

> "Apple Macintosh OS X. Currently, (5 out of 104) are marked as Unpatched with the most severe being rated Less critical"
> http://secunia.com/product/96/?task=advisories
>
> Remind me again how this totals 0?

Have you even read that? All but one require a 'malicious local user' (lol) and the last one requires you to download untrusted files, and if the script needs administrator privileges, a dialog will show up asking you for the password.

Also, there are FAR MORE than 2 exploits for Vista, and remotely exploitable. Also Vista is just one OS version of many, Mac OS X groups many versions.

pyrates Posted July 29, 2007

> Have you even read that? All but one require a 'malicious local user' (lol) and the last one requires you to download untrusted files, and if the script needs administrator privileges, a dialog will show up asking you for the password.
>
> Also, there are FAR MORE than 2 exploits for Vista, and remotely exploitable. Also Vista is just one OS version of many, Mac OS X groups many versions.

2 vulnerabilities and they can only be caused by a malicious local user, so since you say that doesn't matter if that's how a vulnerability is exploited on the Mac, then it shouldn't on Windows Vista as well. Here's the link: http://secunia.com/product/13223/?task=advisories

> And Windows still doesn't force you to input a password. In fact, setup doesn't even ask for one. Windows is a mess for security. UAC is the equivalent to pressing a button on a regular window without a popup. I'm sure users don't even have enough time to read what it's for before they click okay, so it's completely useless.

When I installed Windows Vista, it asked me for a password to set. Where do you get your information from?

> Because he was talking about VIRUSES not security tweaks
>
> Yeah if its job is annoying you
>
> There's no way to say "never ask me this again about this item." It also creates many problems for applications because they may not successfully install or operate correctly because they expect to be able to write where they are not "supposed" to. They are writing a few shims for some of those programs, but they will never be able to write shims for every single Windows program available so many of them simply won't (can't) install/run correctly.

I want it to be that way. It's the way it should be. And Windows needs it. Otherwise everyone will be clicking don't ask me anymore and accept all. That's what happened with IE 6 and ActiveX. One guy who was completely clueless even said to just click don't ask me anymore and accept all just so that he's not annoyed by it. That's why that shouldn't be there.

Ayanami Posted August 5, 2007

Didn't there use to be a reward for writing a virus for Mac? I heard that from someone once....