Intego issues OS X security alert
Bluetooth hole grants root access.
By Peter Cohen, Macworld.com | Macworld.com | Published: 10:16, 26 October 2006
Intego has found a "low risk" hole in Mac OS X involving Bluetooth. The exploit, called Inqtana.d, is a proof-of-concept that hasn't been seen "in the wild", the company said.
It is the latest permutation of a malware threat that first came to light earlier in the year and depends on security holes in Macs running Mac OS X v10.3 and 10.4 that haven't been updated all the available security updates, according to Intego.
Inqtana.d can be installed on a Mac through an "rfcomm" security hole in Bluetooth from a computer or PDA running Linux, Intego said. The attacking computer needs to be within Bluetooth range - approximately 30 feet. Unlike previous implementations of Inqtana, it doesn't require any user interaction - a user account called "bluetooth" is created, which grants root access that can then be exploited for malicious use.
Related Articles on Techworld
Intego also said that the Inqtana.d malware installs additional software, and the user account includes a "backdoor" which lets users log in through that account using Ethernet or AirPort. "Users with updated Mac OS X systems will already have installed a security update that protects against this vulnerability," noted Intego.
Apple has already posted a security update for Mac OS X v10.3 and Mac OS X v10.4.7 that closes the exploit - but if you haven't updated your Mac with those, it remains at risk.
"If, however, users' computers have been compromised before applying the updates mentioned above, the damage will be done, and the backdoor will remain installed. The only way to ensure that this backdoor is removed is to run Intego VirusBarrier X4," said Intego.
