In association with heise online

15 April 2009, 16:46

Root exploit for Mac OS X

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Several exploits for Apple's Mac OS X operating system are in circulation which have not yet been patched. In a short test carried out by the heise Security editorial team, one of the exploits allowed a Mac OS X 10.5.6 user with normal privileges to obtain root privileges. The problem is triggered when mounting malformed HFS disk images. The exploit consists of a shell script and some source code written in C. The C code generates the disk image which, when mounted, provokes the flaw that allows execution of code at root level.

The other exploits target vulnerabilities in kernel system calls (CTL_VFS, SYS___mac_getfsstat and SYS_add_profil) which allow logged-in users to crash a system. Parts of the kernel memory may also be vulnerable to spying. Another exploit for a hole in AppleTalk reportedly allows attackers to remotely provoke a buffer overflow. However, this vulnerability doesn't seem to allow code injection.

It remains unknown whether Apple has been informed of these problems. On his website, the author of the exploits writes that he already publicly demonstrated the exploits at the recent CanSecWest 2009 security conference. Until Apple has released an update to solve the problems, users are advised not to mount disk images originating from unknown sources.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit