Mac OS X Exploit Rapidly Follows Patch

Security research firm Immunity releases an exploit for a Mac OS X flaw less than 24 hours after Apple came out with a patch.

Security research firm Immunity released exploit code for a serious bug affecting Mac OS X less than 24 hours after Apple released a patch for it.

The flaw is a buffer overflow vulnerability in the UPnP Internet Gateway Device Standardized Device Control code used to create port mappings on home NAT (Network Address Translation) gateways in the OS X mDNSResponder implementation.

Apple issued a patch for the vulnerability late in the week of May 21. The flaw, one of 17 security issues addressed by the company in the update, could lead to the remote execution of code. It affects Mac OS X v10.4.9 and Mac OS X Server v10.4.9.

The exploit was made available on May 25, less than 24 hours later, to members of Immunitys partner program.

"So essentially [its] a reliable remote root on everyone at Starbucks or on all those OS X fiends at security conventions," Dave Aitel, chief technology officer for Immunity, based in Miami, wrote in a posting about the exploit. "The Immunity exploit will do so on either PPC or Intel, your pick, and since the service restarts, you get to pick twice."

/zimages/5/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Jose Nazario, a software and security engineer at Arbor Networks, based in Lexington, Mass., said it was unusual for an exploit of a Mac vulnerability to be released so quickly.

"I dont know of any others that have been quite that fast, within a day or two," Nazario said, adding that Mac OS X has increasingly become a source of interest for hackers and security researchers alike.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.