‘MacOS X SoftwareUpdate Vulnerability’

Summary

‘Mac OS X includes a software updating mechanism ‘SoftwareUpdate’. Software update, when configured by default, checks weekly for new updates from Apple. HTTP is used with absolutely no authentication. Using well-known techniques, such as DNS Spoofing, or DNS Cache Poisoning it is trivial to trick a user into installing a malicious program posing as an update from Apple.’

Credit:

‘The information has been provided by Russell Harding.’


Details

Impact:
Apple frequently releases updates, which are all installed as root. Exploiting this vulnerability can lead to root compromise on affected systems. These are known to include Mac OS 10.1.X and possibly 10.0.X.

Solution:
Patch is now available from apple:
http://download.info.apple.com/Mac_OS_X/061-0074.20020712/2z/SecurityUpdate7-12-02.dmg.bin (The patch includes cryptographic signatures on packages)

Exploit:
A detailed way of exploiting this issue is available via:
http://www.cunap.com/~hardingr/projects/osx/exploit.html

Categories: News