The software has the ability to create a new system volume, call to some OS functions, and change the user ID, without administrative privileges.
Proof-of-concept exploit code has been posted online for six kernel vulnerabilities, five of which affect Mac OS X 10.5.6, the most current version of Apple's operating system software.
The vulnerabilities were discussed at CanSecWest 2009 last week during a talk about security flaws in the FreeBSD, Mac OS X, and Solaris kernels by security researchers Christer Oberg and Neil Kettle of Convergent Network Solutions.
One of them, a local kernel root exploit in FreeBSD 7.0/7.1, has been patched.
The five that affect Mac OS X, which uses the Mach kernel and incorporates portions of FreeBSD Unix, remain unpatched.
In an e-mail, Kettle explained that the vulnerabilities exploited were not disclosed to Apple when they were found and remained private until they were published to Milw0rm.com on Monday. He said no one has yet complained about the disclosure of the vulnerabilities, noting that in his experience, kernel bugs are not as serious as other vulnerabilities. "We wanted to show how easy it still is to break production kernels in well-used operating systems," he said.
Inaki Urzay, CTO of Panda Security, said the proof-of-concept code isn't an immediate threat but that it could be in the future. "The vulnerabilities are proofs of concept that demonstrate the code can take control of a machine, either via creating a privilege escalation modifying the users or launching DoS local attacks against the PC," he said in an e-mail. "The proof of concept code has the ability to create a new system volume, call to some OS functions, change the user ID, and so on, without administrative privileges."
The PoC code is designated as follows: 1) Mac OS X xnu <= 1228.3.13 (zip-notify) Remote Kernel Overflow PoC; 2) Mac OS X xnu <= 1228.3.13 (macfsstat) Local Kernel Memory Leak/DoS; 3) Mac OS X xnu <= 1228.3.13 (profil) Kernel Memory Leak/DoS PoC; 4) Mac OS X xnu <=1228.x (vfssysctl) Local Kernel DoS PoC; and 5) Mac OS X xnu <= 1228.x (hfs-fcntl) Local Kernel Root Exploit.
Kettle offered the following explanations for the five exploits:
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.