OzHub, the Macquarie Telecom-led cloud computing alliance, has come down firmly on the side of Optus over the copyright controversy surrounding Optus TV Now, warning that any moves to change the law "risk branding Australia a global luddite state."
read more
Stephen Withers
Tuesday, 09 January 2007 07:25
The flaw utilised is that the standard permissions on the /Library/Frameworks folder allow an admin user (eg the default account created when Mac OS X is first set up) to gain root privileges without authenticating. Today's exploit uses this to give root privileges to Application Enhancer, which it then patches to provide a persistent backdoor into the affected system.
In turn, today's MoAB disclosure by LMH and Johnny Pwnerseed states "If the developers [of Application Enhancer] have left a binary executed with root privileges at an user-writable path, they are certainly capable of doing other non-sense" and refers to "a jackass third-party which has no security background at all and spends more time flaming and insulting on a delusional IRC channel than on real work".
The workaround suggested by LMH and Johnny Pwnerseed is to "Stay away from Application Enhancer", however that would appear to leave the potential for similar exploits of other applications that put components into /Library/Frameworks. MoAB Fixes offers a more general workaround that changes to privileges on that folder. That change is easily reversed, but no guidance is given about when that might be necessary, and in any case repairing permissions will reset the privileges to their original state.
Loading comments ...
 |
Microsoft Office 365Try an easy-to-use set of web-enabled tools for business-class productivity services. Office 365 provides anywhere-access to email, important documents, contacts, and calendars on almost any device.  |
LATEST HEADLINES FROM YOUR IT
