This page looks plain and unstyled because you're using a non-standard compliant browser. To see it in its best form, please upgrade to a browser that supports web standards. It's free and painless.

Paul's Time Sink

| Main | Albums |

« | »

Mac OS X security hole

Paul Westbrook | 28 June, 2006 22:44

The Alastair's Place has a post mentioning a security hole in Mac OS X, where is is possible for an arbitrary application to get the admin password.  Once this happens, it would be possible for it to execute arbitrary code.  This hole allows any application to present the Admin Authentication dialog and make it look like it is coming from a trusted application.

Alastair reported this to Apple in 2003, but Apple hasn't responded.  I am not sure what they can do, since any application can make a dialog appear like an authentication dialog, even without using the standard system call.

Unfortunately, I don't see a way to easily determine if an application is using this trick.  It looks like the process name that is displayed in top and ps is the value from argv[0].

[via The Apple Blog]

Technorati Tags: ,

Computer :: Comment (0) :: Permalink :: Trackbacks (0)

Add comment

Topic

Text

Your name

Your email address

Your personal page (if any)




Powered by LifeType
Design by Book of Styles