For the second consecutive day the focus is software from Apple rather than a third-party product. What's more, it's a component that practically everyone uses from time to time: System Preferences.
The problem is that some standard preference panes use a helper called writeconfig, which in turn uses /sbin/service to start certain services without ensuring its PATH environment variable hasn't been tampered with.
PATH determines the order in which folders are searched for an executable when its location is not specified. Tampering with PATH can allow a (possibly malicious) executable to be run in place of the one intended.
"This can be abused for executing arbitrary binaries with root privileges," warn Kevin Finisterre and LMH.
While the proof of concept requires the user to activate Windows Sharing, they suggest it may be possible to exploit the vulnerability via AppleScript in order to eliminate the need for that interaction.
A suggested workaround is to modify /sbin/service so that it sets the PATH variable to four specific locations, which are not writable by non-root users.
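The workaround amounts to a privileged script discarding the PATH it inherits and using only directories that non-root users cannot write to. The sketch below is an added example, not Apple's code or the researchers' patch: it audits a PATH value for entries an unprivileged user could write to and pins a fixed one. The `SAFE_PATH` list, the function names and the `TRUSTED_UID` override are assumptions, since the article does not name the four locations.

```shell
#!/bin/sh
# Added example (not Apple's code). SAFE_PATH is an assumed list of
# root-owned system directories; the article does not name the four it means.
SAFE_PATH="/bin:/sbin:/usr/bin:/usr/sbin"

# Report why one PATH directory is unsafe for a privileged script.
# Returns 0 if only the trusted uid (root by default) can write to it.
check_dir() {
    case $1 in
        /*) ;;
        *) echo "relative entry: $1"; return 1 ;;
    esac
    [ -d "$1" ] || { echo "not a directory: $1"; return 1; }
    # ls -ldn prints the mode string first and the numeric owner uid third.
    meta=$(ls -ldnL "$1") || return 1
    mode=${meta%% *}
    uid=$(printf '%s\n' "$meta" | awk '{print $3}')
    [ "$uid" = "${TRUSTED_UID:-0}" ] || { echo "untrusted owner uid $uid: $1"; return 1; }
    case $mode in
        d????w*|d???????w*) echo "group- or world-writable: $1"; return 1 ;;
    esac
    return 0
}

# Audit a whole PATH value; the body runs in a subshell so the IFS and
# globbing changes do not leak into the caller.
audit_path() (
    rc=0
    case $1 in
        ''|:*|*:|*::*) echo "empty entry (searches the current directory)"; rc=1 ;;
    esac
    IFS=:
    set -f
    for dir in $1; do
        [ -n "$dir" ] || continue
        check_dir "$dir" || rc=1
    done
    exit "$rc"
)

# What a privileged script should do before running anything by bare name:
# discard the inherited PATH instead of trusting it.
pin_path() {
    PATH=$SAFE_PATH
    export PATH
}
```

Running `audit_path "$PATH"` as the account that launches a privileged helper lists the entries that would need fixing. The check covers each listed directory only, not its parent directories.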
David Bass