An anonymous security researcher claimed this weekend to have created a worm that exploits a vulnerability in the Mac OS X operating system which Apple Inc. missed in a May round of patches.
A poster on the Information Security Sell Out blog said yesterday that he or she had written a proof-of-concept worm "in a few hours" that exploits a variation of a vulnerability patched in May by Apple.
According to the researcher (actually, in one posting, "writers" is used so there may be more than one contributing), he or she exploited a still-unpatched bug in mDSNResponder, a component of Apple's Bonjour automatic network configuring service, in the worm's code. "This vulnerability, as with the ones fixed, gives remote root access," the researcher said. Apple's May security update, 2007-005, included a fix for the mDSN bug.
Info Sec's blogger(s) said the worm was also "very 'customer' specific" and crafted for cash. "[It] could easily be changed to be more malicious," said the researcher.
Microsoft copy protection cracked again
Microsoft Corp. is once again on the defensive against hackers after the launch of a new program that gives average PC users tools to unlock copy-protected digital music and movies.
The latest version of the FairUse4M program, which can crack Microsoft's digital rights management system for Windows Media audio and video files, was published online late Friday. In the past year, Microsoft plugged holes exploited by two earlier versions of the program and filed a federal lawsuit against its anonymous authors. Microsoft dropped the lawsuit after failing to identify them.
The third version of FairUse4M has a simple drag-and-drop interface. PC users can turn the protected music files they bought online — either a la carte or as part of a subscription service like Napster — and turn them into DRM-free tunes that can be copied and shared at will, or turned into MP3 files that can play on any type of digital music player.