Darwin vulnerabilities found

bbloke

I still believe OS X to be more secure than a certain rival, but I read this and just thought I would pass on the information. Apple has been notified, it has been said.

http://www.macuser.co.uk/news/68287/security-hole-found-in-darwin.html

http://www.macworld.co.uk/news/index.cfm?NewsID=10653&Page=1&pagePos=16

MacUser UK said:
"According to Immunity, a US-based company which develops software for testing platform security, the bugs affect all versions of OS X 10.3, including 10.3.7, the most recent revision. Although there is currently no known application in the wild which exploits the vulnerabilities, they could potentially be exploited to cause a kernel panic or memory overflow where a Mac is being used by multiple users simultaneously over a network."
 
Nothing unusual in the fact that there are security flaws in the OS. Every OS has security problems from time to time - OS X is a relatively young OS, so I'm more surprised by how few have been cropping up.

The simple nature of some of the bugs is kind of disappointing. Then again, who knows how many such simple bugs are in closed-source OSes one could think of...

I'm rather disappointed in the disclosure policy of Immunitysec - if you read the timeline at the bottom of the pdf, there's no mention of notifying Apple and giving them a chance to patch before they notified the public. Pretty irresponsible.
 
I don't know anything about coding, so maybe I'm wrong, but in the link I've posted, is the code at the end a working exploit for this bug? If it is, what Scruffy is saying about the policy of the company is right...

Sorry, I've read that the exploit is for an older kernel... but the substance remains the same...
 
The code at the end of the felinemenace advisory is a local crash exploit - compile and run on a computer you already have (non-root) access to, and it'll cause the computer to crash. The felinemenace advisory also notes that Apple had been informed. So, no big deal from that quarter, really.

It's the immunitysec advisory - the pdf that's referred to in a couple of places, at http://www.immunitysec.com/downloads/nukido.pdf - that I think is unprofessional. No exploit code, but that's not really the point. It's that they didn't give Apple a chance to get out a patch.

Immunitysec's timeline is this:
Found by an Immunity Researcher.
June 21, 2004 * manual source code audit, bug discovery.
June 22, 2004 * release to Immunity Vulnerability Sharing Club http://www.immunitysec.com/services-sharing.shtml
January 17, 2005 – released to public at Immunity Shindig 3 (NYC)
January 18, 2005 – released to public

Unless of course Apple is a member of this "vulnerability sharing club". Which I highly doubt, since the vulnerabilities are unpatched, and they're simple enough for the most part that July would have been lots and lots of notice.
 
Well, I think Apple _should_ be part of that vulnerability sharing board by now, then. ;) ... And publishing such information is still muuuuuuuuuuch better than sharing with script kiddies first or selling the information to 'interested parties'...
 
Kind of looks to me like the "vulnerability sharing club" is about sharing vulnerabilities with an exclusive group of hackers, so that they can be exploited for a time before any public disclosure - have a look at the website. Of course, they couch it in unclear language, but it still sounds veeery sketchy.
 