And here we go again. A security researcher has allegedly created a proof-of-concept worm for OS X that exploits a vulnerability in the mDNS Responder. While Apple did patch that system for a buffer overflow back in May’s Security Update 2007-005, the author of the Information Security Sell Out blog claims that there are still holes in the software.
The proof-of-concept currently gains root access to a system, creates a text file on the desktop, and then spreads to other computers on the local network.
I’ve little doubt that this news will be making a big splash in the next few days, so let’s just remember a few important things. Firstly, this is nothing more than a proof-of-concept; it isn’t in the wild. This worm is not going to show up on your system. If you are concerned, just remember to practice safe computing: don’t download files from suspicious sites, don’t open attachments from people you don’t know, etc.
While the author of the code says that he will share the information with Apple “eventually,” he also points out that he’s doing this for a specific reason:
While it is nothing special compared to Windows based Malware it does prove a point — Apple Computers are just as susceptible to Malware as Windows based ones.Remember, no need to panic just yet. Nobody’s even verified that this proof-of-concept exists. So just relax and go about your business.
[via MacNN]
"Proves a point"?
really?
"Proves a point"?
Where has this idiot been? The point has been "proven" repeatedly. How does publishing an exploit without reporting the vulnerability to Apple "prove" anything other than what a huge prick he is?
Anyone else noticed that with all these exploits highlighted there have been no attacks. If these people wanted to make an impact they'd exploit the problem but I guess they can't.