OSX.Exploit.Launchd

Discovered: June 30, 2006
Updated: June 30, 2006 11:08:01 PM
Systems Affected: Mac

OSX.Exploit.Launchd is a Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability (BID 18724). It provides root access on Mac OS X version 10.4.6 or earlier.

Antivirus Protection Dates

  • Initial Rapid Release version June 30, 2006
  • Latest Rapid Release version May 31, 2016 revision 036
  • Initial Daily Certified version June 30, 2006
  • Latest Daily Certified version June 01, 2016 revision 005
  • Initial Weekly Certified release date July 05, 2006


Technical Description

OSX.Exploit.Launchd is a Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability (BID 18724). It provides root access on Mac OS X version 10.4.6 or earlier.

An attacker who exploits this vulnerability could elevate the privileges of a local account on an Apple Mac OS X computer.

OSX.Exploit.Launchd is a crafted .plist configuration file for the LaunchD service. To exploit LaunchD, the attacker must execute the command:

    launchctl load [MALICIOUS FILE NAME]

Once the command is executed, the malicious code runs inside the LaunchD process, which runs with root privileges.

It then opens a shell with full root privileges that the attacker controls.
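
A pre-load triage check for the crafted .plist described above, as an added example that is not part of the original write-up: it parses a LaunchD job file and flags printf-style conversion specifiers in any key or string value. The write-up does not say which field carries the format string, so scanning every string is an assumption; `scan_plist` and both sample plists are constructed for illustration.

```python
import plistlib
import re

# printf-style conversion: optional positional argument, flags, width,
# precision, length modifier, conversion character. "%%" is stripped first.
SPEC = re.compile(r"%(?P<pos>\d+\$)?[-+ #0']*(?:\*|\d+)?(?:\.(?:\*|\d+))?"
                  r"(?:hh|h|ll|l|L|q|j|z|t)?(?P<conv>[diouxXeEfFgGaAcspn@])")

def walk(node, path="$"):
    """Yield (path, text) for every key and string value in the plist tree."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.{key}<key>", str(key)
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, (list, tuple)):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")

def scan_plist(data: bytes):
    """Return [(path, specifier, severity)] for a plist supplied as bytes."""
    try:
        root = plistlib.loads(data)
    except Exception as exc:  # malformed job files are not loaded blindly
        return [("$", f"unparseable: {type(exc).__name__}", "high")]
    findings = []
    for path, text in walk(root):
        for m in SPEC.finditer(text.replace("%%", "")):
            # %n writes to memory; positional arguments select arbitrary slots
            sev = "high" if m.group("conv") == "n" or m.group("pos") else "medium"
            findings.append((path, m.group(0), sev))
    return findings

# Constructed samples (not taken from the threat described on this page).
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.backup</string>
<key>ProgramArguments</key>
<array><string>/usr/bin/true</string><string>--pct=100%%</string></array>
</dict></plist>"""

SUSPECT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.%x%n</string>
<key>ProgramArguments</key><array><string>/usr/bin/true</string></array>
</dict></plist>"""

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_plist(blob))
```

A finding is a reason to inspect the file before passing it to `launchctl load`, not proof of malice; legitimate jobs rarely need conversion specifiers in their strings.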