Linked by Thom Holwerda on Thu 26th Jun 2008 11:13 UTC
On OSNews, we try to steer away from speaking of specific security incidents, trojans, or viruses, unless they are in one way or the other special, or very influential. Over the course of the past 12 months or so, many incidents concerning Mac security arose, but most, if not all, were lemons: they required the user to actively enter his administrator password, or to manually launch the malicious program. In my book, these cases do not constitute as serious breaches of security, and hence, OSNews ignored them. However, a new security breach has been making rounds around the internet lately, which does pose a serious breach in security.
Thread beginning with comment 320223
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Member since:2005-06-29
RE[2]: Where's more info?
by Clinton on Thu 26th Jun 2008 17:23
in reply to "RE: Where's more info?"
Member since:2005-07-05
I think he/she means what are the steps one would have to take in order to be vulnerable. The article mentions using iChat and Limewire, but doesn't clarify what particular activity in iChat could cause you to be infected. Would simply talking to a friend do it? Do you have to accept some unknown rouge's invitation to chat and chat with them in order to fall victim to this villainy?
It seems obvious the ways Limewire could be used to infect your machine, but the iChat one isn't very revealing.
I agree with the original poster that while very detailed in some regards, the article is vague in others.
Member since:
2005-06-29
So far what I've read regarding the ARD vulnerability is that it's only exploitable locally, if there's a shell access to the machine.
The article doesn't specify any attack vectors. How do we get the malware? Opening a website crashes Safari? Opening an attachment crashes Mail? They don't say.