OSX.Exploit.Launchd

Discovered: 30 June 2006
Updated: 30 June 2006
Systems Affected: Mac

OSX.Exploit.Launchd is a Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability (BID 18724). It provides root access on Mac OS X version 10.4.6 or earlier.

Antivirus Protection Dates

  • Initial Rapid Release version 30 June 2006
  • Latest Rapid Release version 31 May 2016 revision 036
  • Initial Daily Certified version 30 June 2006
  • Latest Daily Certified version 01 June 2016 revision 005
  • Initial Weekly Certified release date 05 July 2006

An attacker who exploits this vulnerability could elevate the privileges of his local account on an Apple Mac OS X computer.

OSX.Exploit.Launchd is a crafted .plist configuration file for the LaunchD service. To exploit LaunchD, the attacker must execute the command:
launchctl load [MALICIOUS FILE NAME]

Once the command is executed, the malicious code runs inside the LaunchD process, which runs with root privileges.

Next, it opens a shell with full root privileges that the attacker controls.
Writeup By: Costin Ionescu