Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Root-Level Exploit for OSX LaunchD Service SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Root-Level Exploit for OSX LaunchD Service
The diary entry from June 28th covered the release of the new version of OS X 10.4.7 which addressed various security issues.  There is now a publicly available exploit taking advantage of the format string vulnerability with the LaunchD daemon in versions of OS X up to and including 10.4.6 which can result in an attacker gaining root access on the system.

You can get more information about the vulnerability and exploit from Security Focus.

If you haven't already installed the update, time to get moving.

Thanks to Juha-Matti for the information.


78 Posts
Jun 30th 2006

Sign Up for Free or Log In to start participating in the conversation!