Month of Apple Bugs project uncovers vulnerability in flaw-fixing tool

A vulnerability has been discovered in a tool used to patch bugs found in Apple software. The flaw was disclosed earlier this week as part of the Month of Apple Bugs (MoAB) project. The two men behind the project, Kevin Finisterre and a former hacker known as LMH, aim to publicize bugs in Apple's OS X operating system throughout January and produce working code for any loopholes they find.

The latest vulnerability is in Application Enhancer (APE), used to apply run-time patches for published Apple flaws.

The bug allows local users to obtain root privileges - and possibly compromise a computer - by patching or replacing the APE binary code.


Not quite

APE is being used right now to apply patches, yes. But to lead people to assume this is the purpose of APE - that's about as misleading as you can get. So far APE itself is far more dangerous than any of the bugs it's been set to patch.
