OSX.Exploit.Launchd: A false security flag

Earlier today, Symantec issued an alert regarding a "new" Mac OS X trojan dubbed "OSX.Exploit.Launchd," an alleged Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability.

The problem is there is no such "trojan" in the wild, nor has anyone's machine been exploited. In fact, Symantec's "discovery" of this vulnerability only came about because Apple released Mac OS X 10.4.7, which precludes the exploit by patching the Mac OS X launchd process.

The vulnerability was hence published by SecurityFocus (CVE-2006-1471), which called the "trojan" to Symantec's attention.

Oddly enough, Symantec's page describing the "trojan" does not even mention that applying the Mac OS X 10.4.7 update will plug this security hole, but instead offers some strange workarounds like: "Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files" and "Turn off and remove unneeded services."

To recap, there is no threatening exploit in the wild, and the vulnerability has been patched in Mac OS X 10.4.7.

Feedback? Late-breakers@macfixit.com.
