July 16, 2007 (Computerworld) -- An anonymous security researcher claimed this weekend to have created a worm that exploits a vulnerability in the Mac OS X operating system which Apple Inc. missed in a May round of patches.
A poster on the Information Security Sell Out blog said yesterday that he or she had written a proof-of-concept worm "in a few hours" that exploits a variation of a vulnerability patched in May by Apple.
According to the researcher (actually, in one posting, "writers" is used so there may be more than one contributing), he or she exploited a still-unpatched bug in mDSNResponder, a component of Apple's Bonjour automatic network configuring service, in the worm's code. "This vulnerability, as with the ones fixed, gives remote root access," the researcher said. Apple's May security update, 2007-005, included a fix for the mDSN bug. Info Sec's blogger(s) said the worm was also "very 'customer' specific" and crafted for cash. "[It] could easily be changed to be more malicious," said the researcher.
The same blogger made a minor stir in April when, after a $10,000 security conference contest concluded, he or she claimed to have grabbed the exploit from the conference wireless network and reverse-engineered the vulnerability. Conference organizers, however, denied that the wireless network had been cracked. When asked to back up his or her claims, the Info Sec blogger only replied: "There is no real benefit to me in doing so. I am not one who cares if people believe my claims or not."
In the same comment thread, the Info Sec blogger also promised to post the captured packets and other information "Once this bug is patched by Apple and I am satisfied that I would not be adding additional risk." Apple patched the QuckTime vulnerability May 1. The Info Sec blogger has not yet, however, posted the nicked network traffic.
Attempts to reach the Info Sec blogger via e-mail were unsuccessful.