Mac Bug Exploit Appears
exploit Apple on Friday malware
The code, which has appeared on the "milw0rm" site, exploits a bug that Apple Computer identified within the operating system's kernel. According to the security update advisory Apple released Friday, the flaw is in a kernel error-handing mechanism known as "Mach exception ports" that controls programs when certain types of errors are generated.
A successful exploit, Apple said then, could let an attacker introduce his own code to an unpatched Mac running OS 10.4.1 though 10.4.7.
"The exploit payload executes /usr/bin/id, and as such would need to be replaced with a more useful payload to be used effectively," noted Symantec in an alert to customers of its DeepSight threat system.
Apple patched the flaw in the Mac OS X 10.4.8 upgrade it rolled out on its download site and made available via automatic update on Friday.