1. /
  2. Security Response/
  3. OSX.Exploit.Launchd

OSX.Exploit.Launchd

Risk Level 1: Very Low

Discovered:
June 30, 2006
Updated:
June 30, 2006 11:08:01 PM
OSX.Exploit.Launchd is a Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability (BID 18724). It provides root access on the Macintosh OSX version 10.4.6 or earlier.

An attacker who exploits this vulnerability could elevate the privileges of his local account on an Apple Mac OS X computer.

OSX.Exploit.Launchd is a crafted .plist configuration file for LaunchD service. In order to exploit LaunchD the attacker must execute the command:
launchctl load [MALICIOUS FILE NAME]

Once executed, the malicious code is run inside the process of LaunchD which runs with root privileges.

Next, it opens a shell with full root privileges which is controllable by the attacker.
Writeup By: Costin Ionescu
Summary| Technical Details

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver