MoAB beats Mac OS X privileges again
by Stephen Withers
Monday, 29 January 2007

The Month of Apple Bugs is heading to a close, but LMH and Kevin Finisterre are still revealing vulnerabilities that allow attackers to gain root access to Mac OS X.

Today's issue takes advantage of a characteristic of crashdump, the OS component that alerts users to application crashes and creates crash reports. Unlike some vulnerabilities, this one can escalate privileges only from admin to root; it does not elevate an unprivileged user. No workaround - apart from the tongue-in-cheek "Wipe off Mac OS X and install MS-DOS" - is offered.

LMH notes in his blog that donations to the project have reached $US568.73. This is about $US30 short of the price of a Mac mini, which was the goal of the fundraising effort.

In related news, two developers last week released new versions of their software to overcome vulnerabilities disclosed by MoAB. On January 24, Panic released version 3.5.6 of its Transmit FTP client application, fixing the ftp and ftps buffer overflow disclosed on January 19. On January 22, Maxum released version 5.1.1 of Rumpus, its file transfer server. The update addressed the vulnerabilities disclosed by MoAB on January 18 and incorporated some other minor changes.

The MoAB Fixes project continues to work on temporary patches for problems identified by the Month of Apple Bugs. Progress has been made on the Software Update (January 24), Installer (January 26) and Flip4Mac (January 27) patches, but a compiled Application Enhancer module incorporating these latest patches had not been released as of this writing.

Apple has also released a security update for Mac mini, MacBook and MacBook Pro computers fitted with Core Duo processors and AirPort Extreme wireless cards. Core 2 Duo models are unaffected. The update performs additional validation of wireless frames, preventing an attacker from causing a crash by transmitting a maliciously crafted frame. LMH was credited with reporting the issue, which was not one of those disclosed as part of the Month of Apple Bugs.