About | ACP | Buy | Industry Watch | Learning Curve | News | Search | Test
Home » Industry Watch

A Fortnight of Apple Bugs (and Fixes)

Halfway through the war of words.

If anyone thought the doyens of the beige box community were going to take their lickings like the full grown men found hanging around other platforms they had another thing coming. As with the Apple security alert response times published in the Washington Post a year ago, issues are deliberately clouded early on, making it difficult for outsiders to see what the real issues are.

The world of the Apple fanboys is a world apart.

Things started slowly at the MOAB website with four moderately interesting exploits in as many days, then took a turn for the dramatic on day 5. with the release of a very embarrassing (for Apple) advisory on an astonishingly easy root escalation exploit through the Apple 'repair permissions' facility.

It turns out that the directory holding all the instructions for disk management is not protected, meaning anyone can go in there and modify the 'receipts', then invoke Apple code and gain access to everything.

PDF and OmniWeb exploits followed, and then MOAB moved into dramatic day 8.

Increasingly suspicious not everything with the fanboy MUFF ('Month of Unsupported Fanboy Fixes') team was on the up and up, the MOAB team sent out strategic feelers, offering a modicum of cooperation for the duration of the month.

As expected, the MUFFers turned MOAB down, but not before Rosnya had a chance to really put his foot in his mouth.

And then MOAB dropped a bomb - actually several bombs in quick succession.

Bomb #1: the new MOAB exploit was for the very tool the MUFFers were using to counteract the MOAB exploits. And not just exploit either: MOAB exposed a gaping hole in Unsanity's notorious APE which allowed (again) root privilege escalation on the local machine.

Almost immediately the exploit was released the other team began crying foul - but this, it turns out, was 'socially engineered' by MOAB.

Bomb #2: the root escalation exploit, although genuine, was actually part of a rather elaborate trick - a 'setup'.

Using a trick known as a canary trap the MOAB team were able to single out and isolate their 'leak' - and it was precisely those fanboys who'd gone yelling foul who were caught in the trap.

And so in one fell swoop the MOAB team completely out-finessed the MUFFers, catching them (in particular Jason Harris of Unsanity) with their hands in the cookie jar - and they still had a root escalation exploit against their software product.

Four DMG exploits and one AppleTalk exploit followed, but the Apple fanboy community still haven't got their heads screwed back on.


Remnants of the fanboy militia remain, seemingly unaware their side already surrendered.

Stephen Withers of IT Wire in Australia continues to eschew looking into the technical details of MOAB and to insist Rosnya and Harris are doing everything out of the goodness of their hearts with no thought or possibility of remuneration.

Charles Arthur of the otherwise estimable Guardian in the UK sets about blasting the MOAB team only to later admit he basically doesn't know what a 'root privilege escalation' is.

In what remains of the Apple fanboy community he's in good company.

See Also
A Month of Apple Fanboys
MOAB Drop Zero Day on Stunned Fanboy World
Pandora's Box
A Totally Unsane Privilege Escalation
MOAB 8 Fallout
Jeffrey Czerniak
The Canary Trap, the Leak, and the Mole
Month of Unsupported Fanboy Fixes
Apple Security
What the World Needs Now is More Hackers
Notre Frère Petard
Landon Fuller
Repair Pink Permissions
The Voice of Fairness
Scrambled Rosnya
Not Easy But Cool

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search
Copyright © Rixstep. All rights reserved.