Slashdot Mirror


Two Trojans For Mac OS X

I Don't Believe in Imaginary Property writes "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."

4 of 326 comments

  1. An unpopular opinion.... by Toreo+asesino · · Score: 0, Redundant

    I'm sure this will go down like a lead balloon here, but this is one example of how, technically at least, Vista is more secure than OSX in this regard...

    Because no user can ever be root without a UAC elevation, no program can "just ask for the password" and therefore get admin privileges quite so easily.

    Of course, if the user clicks "Continue" anyway, then you're screwed in any OS but that's another story.....

    *ducks*

    --
    throw new NoSignatureException();
    1. Re:An unpopular opinion.... by John+Betonschaar · · Score: 1, Redundant

      I don't really see the difference between OS X privilege escalation using a password prompt and sudo or Vista using UAC. If you allow the program admin privileges you're screwed, and I believe it's just as easy to implement this on Vista as it is on OS X. On Linux it might be a little bit harder because different distros use different sudo configurations.

      As for the ARDAgent vulnerability: that's a completely different story, it's a serious security flaw that needs to be fixed very, very fast.

  2. Re:Proof of Concept Slashdot Trojan by lordkuri · · Score: 0, Redundant

    12345!? That's amazing! I've got the same combination on my luggage!!

    (someone was going to do it, might as well be me)

  3. OMGZ it's teh OS X trojanz! by Yvan256 · · Score: 0, Redundant

    Trojan asks users for password, intelligent users are safe, news at 11.