Discovered: June 30, 2006
Updated: June 30, 2006 11:08:01 PM
OSX.Exploit.Launchd is a Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability (BID 18724). It provides root access on the Macintosh OSX version 10.4.6 or earlier.
An attacker who exploits this vulnerability could elevate the privileges of his local account on an Apple Mac OS X computer.
OSX.Exploit.Launchd is a crafted .plist configuration file for LaunchD service. In order to exploit LaunchD the attacker must execute the command:
launchctl load [MALICIOUS FILE NAME]
Once executed, the malicious code is run inside the process of LaunchD which runs with root privileges.
Next, it opens a shell with full root privileges which is controllable by the attacker.
Writeup By: Costin Ionescu
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine