[X4U] Serious OS X Security Vulnerability
DZ-Jay
dz at caribe.net
Thu Apr 7 02:36:05 PDT 2005
Hello:
Here's an interesting response to that article:
http://www.securityfocus.com/archive/1/395142/2005-04-03/2005-04-09/2
Quotes from the response:
"Explain to me how this is a MacOS specific bug? I can duplicate this
behavior on my debian linux machine."
"If you have the ability to introduce a trojan into an admin level
account you appear to have other issues on your hands."
"I think this advisory is more suited for a how to securely configure
sudo FAQ"
This apparently seems to be Apple's view on the subject. I say
"apparently", because I have no way of knowing exactly what Apple has
said, or their official position, except for what the original poster
alluded. Although I believe that security issues should be treated
with care and attention, alarmist reactions in haste do not do anybody
any favors.
dZ.
On Apr 7, 2005, at 04:22, Randy B.Singer wrote:
> There is a warning out about a potentially very serious security
> vulnerability in OS X. The vulnerability would allow a Trojan Horse to
> gain root access without the need for user authentication.
>
> The good news is that the vulnerability is easily patched.
>
> The bad news is that Apple doesn't feel that it is a problem that they
> have to deal with.
>
> See:
> <http://www.securityfocus.com/archive/1/395107/2005-04-03/2005-04-09/0>
More information about the X4U
mailing list