"it's a feature not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user."
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
iAdware: proof-of-concept adware program
Moderator: Mandrake
6 posts
• Page 1 of 1
iAdware: proof-of-concept adware program
by Antony » Sun 26 Nov, 2006 7:55 am
F-Secure noted a proof-of-concept sample of an adware program what can be silently installed to Mac user account. The only clue F-Secure provided is:
"it's a feature not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user."
"it's a feature not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user."
-
Antony - diamond member
- Posts: 14343
- Joined: Tue 18 Jun, 2002 11:36 pm
- Location: Sydney, Australia
by J-M » Tue 28 Nov, 2006 11:24 am
But more information is in this malware document of McAfee:
http://vil.nai.com/vil/content/v_140972.htm
http://vil.nai.com/vil/content/v_140972.htm
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8
-
J-M - diamond member
- Posts: 815
- Joined: Sun 25 Jul, 2004 9:16 am
- Location: Helsinki, Finland
by Antony » Tue 28 Nov, 2006 10:54 pm
Apple has address this issue with [sdt=12455]Security Update 2006-007[/sdt].
Well done!
Installer
CVE-ID: CVE-2006-4404
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact: When installing software as an Admin user, system privileges may be used without explicit authorization
Description: Admin users are normally required to authenticate before executing commands with system privileges. However, the Installer allows system privileges to be used by Admin users when installing certain packages without requiring authentication. This update addresses the issue by requiring authentication before installing software with system privileges.
Well done!
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3
-
Antony - diamond member
- Posts: 14343
- Joined: Tue 18 Jun, 2002 11:36 pm
- Location: Sydney, Australia
by J-M » Wed 29 Nov, 2006 3:33 am
Thanks for the information. It was a quick process.
Are you sure that this is a patch against iAdware too (I'm asking because Apple doesn't list any related reference URLs).
Are you sure that this is a patch against iAdware too (I'm asking because Apple doesn't list any related reference URLs).
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8
-
J-M - diamond member
- Posts: 815
- Joined: Sun 25 Jul, 2004 9:16 am
- Location: Helsinki, Finland
by Antony » Wed 29 Nov, 2006 5:28 am
Not 100% sure, but the description seems to match the "iAdware".J-M wrote:Are you sure that this is a patch against iAdware too (I'm asking because Apple doesn't list any related reference URLs).
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
-
Antony - diamond member
- Posts: 14343
- Joined: Tue 18 Jun, 2002 11:36 pm
- Location: Sydney, Australia
by J-M » Mon 11 Dec, 2006 10:04 am
Unfortunately, the latest information says it was not fixed.
Some references included to this SecuriTeam Blogs blog entry:
http://blogs.securiteam.com/index.php/archives/753
Some references included to this SecuriTeam Blogs blog entry:
http://blogs.securiteam.com/index.php/archives/753
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8
-
J-M - diamond member
- Posts: 815
- Joined: Sun 25 Jul, 2004 9:16 am
- Location: Helsinki, Finland
6 posts
• Page 1 of 1
Who is online
Registered users: Yahoo [Bot]
