OSX.Exploit.Launchd: A false security flag

OSX.Exploit.Launchd: A false security flag

Earlier today, Symantec issued an alert regarding a "new" Mac OS X trojan dubbed "OSX.Exploit.Launchd," and alleged Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability.

The problem is there is no such "trojan" in the wild, nor has anyone's machine been exploited. In fact, Symantec's "discovery" of this vulnerability only came about because Apple released Mac OS X 10.4.7, which precludes the exploit by patching the Mac OS X launchd process.

The vulnerability was hence published by SecurityFocus (CVE-2006-1471), which called the "trojan" to Symantec's attention.

Oddly enough, Symantec's page describing the "trojan" does not even mention that applying the Mac OS X 10.4.7 update will plug this security hole, but instead offers some strange workarounds like: "Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files" and "Turn off and remove unneeded services. "

To recap, there is no threatening exploit in the wild, and the vulnerability has been patched in Mac OS X 10.4.7.

Feedback? Late-breakers@macfixit.com.

  • SecurityFocus
  • page describing the "trojan"
  • Late-breakers@macfixit.com
  • More from Late-Breakers

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Tech industry's high-flying 2014
    Uber's tumultuous ups and downs in 2014 (pictures)
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)