Another link:
Trojan exploiting unpatched Mac OS X vulnerability in the wild | Zero Day | ZDNet.com
This is absurdly hilarious. Despite what the media and AV companies say, this is *not* a significant threat to most people. It is also easy to fix and you should not panic.
Now please don't misunderstand me. Having root access is significant, but the chances of actually picking this sort of thing up are still considerably slim.
As someone I know recently said:
Quote:
[14:31:34] <iNerd> osascript -e 'tell app "ARDAgent" to do shell script "chmod 0555 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"';
[14:33:11] <iNerd> but patching it with itself
[14:33:16] <iNerd> has to gain some win
Some more quoting from the MacShadows IRC channel:
Quote:
[15:00:17] <Xel> I hate how one ******* vulnerability is making it sound like 500000 new trojan variants are possible.
[15:01:39] <lurkishfigure> They just keep reprinting the same incorrect information without any actual fact checking. Pathetic.
[15:02:17] <Xel> Well I mean... you can get creative with what you can do with root access.... But this is ONE issue, not 50000
[15:03:26] <Corsec> lurkishfigure: it's fine as long as they cite their source, and since they are all using each other as sources, it's getting a little out of hand
[15:04:27] <lurkishfigure> Yes and the anti-virus companies issuing new press releases about the same script but calling it by different names isn't helping at all either.
[15:05:41] <Corsec> Let's write a few more, and name them cool stuff, like, MacScan-Blows-Chunks
[15:05:50] <Corsec> post them to news groups, etc
[15:06:01] <Corsec> hell, we could call them PoC and they would still get picked up
[15:06:31] <lurkishfigure> :)
[15:06:34] <Xel> Hmm
[15:06:39] <lurkishfigure> You don't even have to compile them.
[15:06:42] <Xel> If you really want to get their attention....
[15:06:52] <Xel> The ones that AV vendors usually go after the most are ones that attack AV software.
[15:07:03] <Corsec> oooo, that would be fun
[15:07:09] <Xel> Something that used this exploit to search+destroy SecureMac AV or whatever it's called
[15:07:21] <Xel> That would get them to go nuts
[15:07:28] <MacJunky> that would not be hard at all
[15:07:34] <Xel> I know it wouldn't be hard.
[15:07:37] <lurkishfigure> Ooooh we should submit a press release to all the news sites about another Mac trojan and include a pseudo-code trojan!!!!!!! lol
[15:07:38] <Xel> -f
[15:07:56] <Xel> But meh, I don't really think that adding to this false panic would be a good idea.
[15:08:03] <Xel> A bunch of people are going to get worried over nothing
[15:08:12] <Xel> And security companies that exploit ignorance are going to get richer
[15:08:27] <lurkishfigure> Enh, maybe people should be aware that there is something to be worried about.
[15:08:48] <Xel> Ohh there is. But not like the media is reporting.
Personally I just did a quick little sudo rm because I do not and never will use Apple's perversion of VNC or even a regular VNC server on this system (they are cross compatible).
Anyway, of course be careful just as you would with any operating system, but don't freak out about it like those "news" blogs and AV companies say you should.
And no, I do not work for Apple.
Oh, for all those Mac users reading this, I have to push a program that they should love like one of their own children: "Little Snitch".