Root-Level Exploit for OSX LaunchD Service
Author: Dave Lewis
Well, being a recent Macbook convert I have been paying more attention to Mac vulnerabilities. There was a code update released two days ago (I know, fast on my part) and with the update comes updates for Quicktime and iTunes. Now, according to the good folks at ISC it turns out that there is a root level exploit to go with it which is publicly available.
There is now a publicly available exploit taking advantage of the format string vulnerability with the LaunchD daemon in versions of OS X up to and including 10.4.6 which can result in an attacker gaining root access on the system.
Be sure to patch your system as soon as possible.
Tags: Mac, Macbook, Apple, Vulnerabilities, OS X Patches, Exploit
