1. Home
  2. Forums Index
  3. WebmasterWorld / Apple Software and Technology 1:48 pm May 21, 2026

Forum Moderators: travelin cat

Message Too Old, No Replies

Exploit released for Mac OS X flaw

         

engine

8:52 am on Oct 4, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Update:
Computer code that exploits a flaw in Apple Computer's Mac OS X was released publicly over the weekend.

The code takes advantage of a weakness in core parts of Mac OS X and could let a person with limited privileges gain full access to a system. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then.

"It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher at Matasano Security, who was credited by Apple with discovering the flaw. "It appears to be a zero-day exploit." He added that it may even "have been distributed before the patch was released."

Exploit released for Mac OS X flaw [news.com.com]

whoisgregg

1:32 pm on Oct 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"The risk presented by this exploit is limited by the fact that it can only be exploited by a logged-in user, although the user may also be logged in remotely," Dai Zovi said. "The issue is also mitigated by the fact that a patch has already been released."

This exploit is of the "privilege escalation" variety. An attacker needs to already have an account on the target machine and be malevolent toward either the machine or the other users. So, the only real risk I see is for shared hosting environments who don't do the regular software updates.

Although the tech press will surely jump on this like they jump on all reports of "already fixed" Mac OS issues...

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Apple Software and Technology 1:48 pm May 21, 2026