Apple recently released an update for its Mac OS X. As fate would have it, soon after the release of the update, a security researcher at Digital Munition (Kevin Finisterre) released Proof of Concept code that takes advantage of a vulnerability in the Mac OS X component called ‘launchd’. This is highly exploitable and can be used to execute arbitrary code with elevated priveleges.
The creator of the said exploit code just happens to be the same guy who created the InqTana proof of concept worm. The InqTana Worm was a Java-based worm that exploits the directory traversal vulnerability in the Bluetooth file and object exchange services in Mac OS X v10.4.
The good news is that this issue has already been resolved in Apple’s latest update (Mac OS X 10.4.7) which can be found here. It is highly advised for all Mac users to update to the latest relase ASAP (as soon as possible) to avoid any problems with their software.
Trend will detect this exploit code as PERL_NIVEK.A. This is currently being handled by our service team. We will update you as soon as the pattern is released.