Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Another OS X worm unearthed

....but low risk vulnerability.

By Peter Cohen, Macworld.com | Published: 13:14, 20 February 2006

A second piece of Mac OS X malware has emerged within a week - albeit a worm that poses a very limited threat. Security software maker F-Secure describes Inqtana.A, a Java-based "proof of concept" worm that exploits a vulnerability in Bluetooth on some Macs that haven't been updated with Panther and Tiger security patches.

The chances of Mac users actually being affected by Inqtana.A are remote, however - even F-Secure notes that it hasn't seen the worm "in the wild." What's more, Inqtana.A has an internal counter that prevents its operation after 24 February 2006. And Apple has also patched the vulnerability in free system updates.

Bluetooth is a short-distance, low-speed wireless networking technology used to connect computers, printers, PDAs, smartphones and other devices - it's become commonplace on the Mac in recent years.

Inqtana.A exploits a vulnerability called Bluetooth File and Object Exchange Directory Traversal: An infected machine could send an Object Exchange (OBEX) Push request to another system; if the user accepted the data transfer, Inqtana.A could then use the exploit to copy its files to start automatically on the next reboot. Once restarted, Inqtana.A could use the host machine to find other devices that accept OBEX Push transfers and try again.

The Directory Traversal exploit was documented in May, 2005. Apple Security Update 2005-006 for Mac OS X v10.3.9 and Mac OS X v10.4.1 closed the hole. Apple also integrated that security change into Mac OS X v10.4.1's general release. F-Secure claims that Inqtana.A is specific to Mac OS X v10.4.

The existence of Inqtana.A elicited an "I told you so" from security software maker Symantec senior director Vincent Weafer.

"We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X this week illustrates this emerging trend," said Weafer in a statement.

Weafer advised diligence to Mac users, warning that Inqtana.A's source code "could be easily modified by a future attacker to do damage."

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.