Bonjour Apple, connect to this Mac OS X exploit

Summary: Exploit code for a dangerous flaw in the Mac OS X Bonjour service is released less than 24 hours after Apple's security update.

Less than 24 hours after Apple patched a serious flaw in its Bonjour zero-configuration networking service, a private security research company has released exploit code that puts Mac OS X users at risk of code execution attacks.

The exploit code has been shipped to members of Dave Aitel's Immunity Partner's Program, the $40,000 subscription service that offers up-to-the-minute information on new flaws and exploits to IDS companies and larger pen testing firms.

Aitel announced the exploit on the Daily Dave mailing list this morning:

[It is] essentially a reliable remote root on everyone at Starbucks or on all those OS X fiends at security conventions. The Immunity exploit will do so on either PPC or Intel, your pick, and since the service restarts, you get to pick twice.

"If this doesn't shut up the Apple fanboys, nothing will," Aitel said in a brief conversation over IM.

The vulnerability, patched with yesterday's Security Update 2007-005, is a buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code. Apple's implementation of the protocol, called Bonjour, allows devices to automatically discover each other without the need to enter IP addresses or configure DNS servers.

However, the bug in the code used to create Port Mappings on home NAT gateways in the OS X implementation could open the door for a hacker on the local network to launch a denial-of-service or code execution attack.

Juniper Networks researcher Michael Lynn (of Black Hat/Cisco/ISS fame) is credited with finding and reporting the vulnerability to Apple.

ALSO SEE: Apple patch batch fixes 17 Mac OS X vulnerabilities.

[UPDATE: May 25 @ 12:43 PM] Rob Lemos reports that this Bonjour flaw was in play during the CanSecWest MacBook hijack contest last month.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
