Linked by Thom Holwerda on Fri 24th Nov 2006 20:06 UTC, submitted by hamster
On Thursday, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for the Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a user's account without requiring administrator rights. "We won't disclose the exact technique used here - it's a feature not a bug - but let's just say that installing a System Library shouldn't be allowed without prompting the user," stated F-Secure in the blog post. "Especially as it only requires copy permissions." My take: I'd say, hand over the code, then we'll talk.
by nevali on Sun 26th Nov 2006 10:57 UTC

Er, hold on, there's nothing spectacular here. The same thing could be fairly trivially implemented on Linux, Solaris, or BSD by maliciously adding LD_PRELOAD settings to your .profile/.bashrc/whatever.

On the one hand, F-Secure say ‘installed to your user account’ and on the other they say ‘System Library’. Which is it, boys and girls?

I'm guessing it's one of ~/Library/InputManagers, /Library/InputManagers, or /System/Library/InputManagers? Place bets now!

If a non-admin can write to /Library/InputManagers or /System/Library/InputManagers, then we perhaps have a problem, otherwise this whole thing is simply that a user can install a shared library in their own home directory and have it be loaded automatically. Newsflash: most other UNIX-like systems that use shared libraries have the same functionality.

Reply Score: 3
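
A defender's check for the two autoload points this comment names, written as an added example (not part of the comment or of F-Secure's analysis): it scans shell startup files for LD_PRELOAD assignments and reports whether InputManagers directories are writable by the invoking user. The function names, the startup-file list, and the inclusion of macOS's DYLD_INSERT_LIBRARIES alongside LD_PRELOAD are assumptions of this example, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: audit the two autoload hooks named in the comment above.
# Function names and the startup-file list are this example's own choices.

# Print "file:line:text" for each non-comment line in the given home
# directory's shell startup files that assigns a loader preload variable.
scan_preload() {
    for f in .profile .bash_profile .bash_login .bashrc .zprofile .zshrc; do
        [ -f "$1/$f" ] || continue
        awk -v file="$1/$f" '
            /^[ \t]*#/ { next }
            /(LD_PRELOAD|DYLD_INSERT_LIBRARIES)[+]?=/ { print file ":" NR ":" $0 }
        ' "$1/$f"
    done
    return 0
}

# For each directory given, report whether the invoking user can write to it
# and list what it already holds. A per-user directory is expected to be
# writable; a system-wide one writable by a non-admin is the real finding.
audit_dirs() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        if [ -w "$d" ]; then echo "writable: $d"; else echo "not writable: $d"; fi
        for e in "$d"/*; do
            if [ -e "$e" ]; then echo "  entry: $e"; fi
        done
    done
    return 0
}

# Demo on a constructed home directory (sample data, not from a real system).
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/Library/InputManagers/Sample.bundle"
    printf '%s\n' '# export LD_PRELOAD=/old/commented.so' \
        'alias ll="ls -l"' \
        'export LD_PRELOAD=$HOME/.cache/libhook.so' > "$t/.bashrc"
    scan_preload "$t"
    audit_dirs "$t/Library/InputManagers" "$t/System/Library/InputManagers"
    rm -rf "$t"
}
demo
```

To audit a real account, call `scan_preload "$HOME"` and `audit_dirs "$HOME/Library/InputManagers" /Library/InputManagers /System/Library/InputManagers` instead of `demo`.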