YOUR IT - Technology for you

InputManager provides route to root for Mac attackers

The third week of the Month of Apple Bugs has kicked off with a vulnerability that "makes every 'denial of service issue' leading to a so-called 'crash' usable for escalating privileges."

The sample exploit installs an InputManager in the user's Library folder, then causes it to be executed by UserNotificationCenter, a piece of software that runs with 'wheel' privileges (roughly equivalent to admin) and provides a mechanism for programs without user interfaces to interact with the user.

The InputManager then replaces installAssistant (part of System Preferences) with a shell wrapper giving root access, then makes it executable again by repairing privileges. The attacker is then able to run this program to operate with root privileges.

The exploit can also be triggered by kernel panics caused by corrupted font or disk image files.

As it stands, this appears to be a local vulnerability, but that is still an issue in shared environments, as it could be used by someone with an ordinary user account to make unauthorised changes to the system or to gain access to other users' files.

The suggested workaround is to limit users' access to their InputManagers folder and to prevent permissions repair.
