Second OS X malware emerges, but risk is low

A second piece of Mac OS X malware has emerged this week, though this one poses a very limited threat, thanks in part to Apple’s own response. Security software maker F-Secure Corp. describes Inqtana.A, a Java-based “proof of concept” worm that exploits a vulnerability in Bluetooth on some Macs that haven’t been updated with Panther and Tiger security patches.

The chances of Mac users actually being affected by Inqtana.A are remote, however — even F-Secure notes that it hasn’t seen the worm “in the wild.” What’s more, Inqtana.A has an internal counter that prevents its operation after February 24, 2006. And Apple has also patched the vulnerability in free system updates.

Bluetooth is a short-distance, low-speed wireless networking technology used to connect computers, printers, PDAs, smartphones and other devices — it’s become commonplace on the Mac in recent years.

Inqtana.A exploits a vulnerability called Bluetooth File and Object Exchange Directory Traversal: An infected machine could send an Object Exchange (OBEX) Push request to another system; if the user accepted the data transfer, Inqtana.A could then use the exploit to copy its files to start automatically on the next reboot. Once restarted, Inqtana.A could use the host machine to find other devices that accept OBEX Push transfers and try again.
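The class of bug described above, shown from the receiving side as an added example (not code from Apple, F-Secure or the worm): a handler that joins the sender-supplied object name onto its receive folder, next to a check that keeps the file inside that folder. The function names, the `inbox` folder and the sample names are assumptions constructed for illustration.

```python
import os

def naive_destination(inbox, obex_name):
    """Vulnerable pattern: join the sender-supplied name onto the inbox."""
    return os.path.normpath(os.path.join(inbox, obex_name))

def safe_destination(inbox, obex_name):
    """Return a path inside inbox for a pushed object, or raise ValueError."""
    # A pushed object name is a leaf name: refuse separators and dot entries.
    if (not obex_name or obex_name in (".", "..") or "\x00" in obex_name
            or "/" in obex_name or "\\" in obex_name):
        raise ValueError("rejected object name: %r" % obex_name)
    root = os.path.realpath(inbox)
    dest = os.path.realpath(os.path.join(root, obex_name))
    # Defence in depth: once symlinks are resolved, the target must still
    # sit under the inbox (an existing link in the inbox could point away).
    if dest == root or os.path.commonpath([root, dest]) != root:
        raise ValueError("path escapes inbox: %r" % obex_name)
    return dest

def triage(inbox, names):
    """Map each name to 'accept' or 'reject' using safe_destination."""
    verdicts = {}
    for name in names:
        try:
            safe_destination(inbox, name)
            verdicts[name] = "accept"
        except ValueError:
            verdicts[name] = "reject"
    return verdicts

if __name__ == "__main__":
    import tempfile
    inbox = tempfile.mkdtemp()
    # Constructed sample names, not taken from Inqtana.A.
    samples = ["photo.jpg", "../../outside.txt", "..", "sub/dir.txt"]
    print(naive_destination(inbox, samples[1]))  # resolves outside the inbox
    print(triage(inbox, samples))
```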

The Directory Traversal exploit was documented in May 2005. Apple Security Update 2005-006 for Mac OS X v10.3.9 and Mac OS X v10.4.1 closed the hole. Apple also integrated that security change into Mac OS X v10.4.1’s general release. F-Secure claims that Inqtana.A is specific to Mac OS X v10.4.

So presuming you’re up to date with Tiger and Panther system updates or security updates, you’ve nothing to worry about. What’s more, Bluetooth’s range is very limited — even in a worst-case scenario, you’d only need to be concerned if you were accepting files from other Bluetooth-equipped Macs that were within range (Bluetooth’s effective range is about 30 feet or so).

The existence of Inqtana.A elicited an “I told you so” from Vincent Weafer, senior director at security software maker Symantec.

“We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X this week illustrates this emerging trend,” said Weafer in a statement.

Weafer advised diligence to Mac users, warning that Inqtana.A’s source code “could be easily modified by a future attacker to do damage.”
