Worm Threat Forces Apple To Disable Software?

SkiifGeek writes "After the debacle that surrounded the announcement and non-disclosure of a worm that targets OS X, the vulnerability in mDNSResponder may have forced Apple to remove support for certain mDNSResponder capabilities with the recently released Security Update 2007-007. 'Seeming to closely follow the information disclosed by InfoSec Sellout, Apple's mDNSResponder update addresses a vulnerability that can be exploited by an attacker on the local network to gain a denial of service or arbitrary code execution condition. Apple goes on to identify that the vulnerability that they are addressing exists within the support for UPnP IGD... and that an attacker can exploit the vulnerability through simply sending a crafted network packet across the network. With the crafted network packet triggering a buffer overflow, it passes control of the vulnerable system to the attacker. Rather than patching the vulnerability and retaining the capability, Apple has completely disabled support for UPnP IGD (though there is no information about whether it is only a temporary disablement until vulnerabilities can be addressed).'"

Re:Apple did the right thing

[pla]

Apple is doing the right thing, here, folks!

The worm in question exploits a buffer overflow.

It almost certainly took them more effort to disable the feature than it would have to fix the broken code.

Additionally, regardless of the ease of fixing vs disabling, they should have given users the choice of disabling it or not. If I actually used uPNP (which I don't), I'd feel pretty pissed off that Apple had taken it upon themselves to break a perfectly functional feature on a machine on my nice safe LAN (Not that I keep my LAN-side machines defenseless, but I don't worry about peeling wallpaper when the barberians have already breached the outer walls).

And worse still, Mac users for the most part prefer to remain willfully ignorant of even the most basic of details on how their machines work (and don't call that a troll, ASK one! They brag about how little they know compared to what it takes to keep a Windows machine happy). So they won't have the first idea of what to do when iChat suddenly breaks for no apparent reason.

Does anyone use mDNS?

[flyingfsck]

This stupid mDNS thing is always enabled on every system I install and I always have to disable it. Does anyone actually use this Microsoft crap?

wait a minute

[commodoresloat]

I don't know a lot about programming or security issues, so correct me if I'm wrong, but if the above is true, what I am hearing is that (1) OS X isn't as secure as I thought (as an unabashed Apple fanboy, I consider this a bad thing), (2) It's so insecure that Apple had to sacrifice some functionality in order to patch it (again, this is a bad thing, even though I've never heard of UPnP before today and have no idea whether I will miss it). BUT (3) In the end, this is all Microsoft's fault.

All I can say is... Sweeeeet.

Re:wait a minute

[toadlife]

"It will not change the fact that malware and viruses are simply a non-issue for any platform but Microsoft Windows..."

It will also not change the fact that virtually no one runs any version of UNIX on the desktop.

Wake me up when OSX or Linux or any other flavor of UNIX is subjected to the same conditions as Windows and then we'll see how incredibly secure your favorite family of OSs is.

Idiot.

Re:*Pulls out a plate 'o crow*

[His+Shadow]

Stick it, Sunshine. When you have an actual in-the-wild virus/malware/trojan running on Mac OS X to report, you make all the hyperbolic statements you want.

When all you have is a software change for a possible vulnerability that hasn't been exploited, you should just sit down and shut up.