Among other less notable changes in the Mac OS X 10.4.7 update was a fix to launchd, the system process that starts up the system. I have to get a kick out of how unfamiliar ZDNet was with it.
The malicious program takes advantage of a locally exploitable vulnerability in an operating system component called “launchd”.
I couldn’t help but read in “we don’t know what it does, but it’s part of the system somehow”. Apple’s written a nice little explanation. Basically, launchd was Apple’s attempt to clean up the system initialization process, and it is responsible for the drastically quicker startup times we see in Tiger.
At any rate, following the 10.4.7 update, someone made a trojan that utilized the flaw in launchd that was fixed by the update. yawn. MacFixit called Symantec out (hurry and look now, it’ll be gone to their archives soon) for their writeup of the trojan.
Conspicuously absent from their list of recommendations: update to Mac OS X 10.4.7. Instead, they recommend things like turning off services and enforcing a good password policy. Talk about phoning it in.