
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


A Worm for Your Apple

A small controversy is brewing over claims that an independent researcher going by the moniker Information Security Sellout (or InfoSec Sellout) has developed the framework of a worm that targets a currently undisclosed vulnerability affecting the Intel versions of OS X. The worm is expected to extend to PPC versions as soon as the author is able to test against that architecture. With the author dubbing it 'Rape.osx', the evolution of the worm is likely to be closely followed by Apple watchers, security researchers, and malware developers.

When the first report was published on Sunday, InfoSec Sellout claimed that the proof-of-concept worm was able to reliably deliver root and was based on a variation of mDNSResponder vulnerabilities that Apple had previously patched. InfoSec Sellout later disclosed that the worm was first completed on July 14, with functional testing on a network of approximately 1,500 OS X systems by the 16th of July.

In its first instance the worm only left a text file as evidence that it had been on a system, but it is reported that the worm can already be fully 'weaponised' with the payload of choice. While InfoSec Sellout states that the worm only seeks out other systems on the same network for infection, they point out that it would not take much extra work for the worm to attack a much broader network segment.

Following the path of many recent researchers, the author has stated publicly that they are avoiding telling Apple about their work until it is complete (and after they have been compensated by unnamed sources). This has led to the expected arguments about the ethical and professional nature of such behaviour. In their defence, the author claims that it would be irresponsible to report on incomplete research. They also do not want to hand the vulnerability to Apple only for Apple to patch the particular attack vector being used while missing the underlying vulnerability.

With Apple having some of the most passionate defenders in Information Technology (its userbase), the ongoing arguments about the merits of 'Rape.osx' are likely to go long into the future - well after any real or perceived threat from the worm has passed.

18 July 2007
