VirusBarrier developer Intego has sent out a security memo for what it terms a “low risk” exploit to Mac OS X involving Bluetooth. The exploit, called Inqtana.d, is a proof-of-concept that hasn’t been seen “in the wild” — in other words, it’s not known to have actually affected any users.
The latest permutation of a malware threat that first came to light earlier this year, Inqtana.d depends on security holes in Macs running Mac OS X v10.3 and 10.4 that haven’t been updated with all available security updates or system updates, according to Intego.
Inqtana.d is installed on a Mac via Bluetooth from a computer or PDA running Linux, Intego claims. The attacking computer needs to be within Bluetooth range — approximately 30 feet or so. Inqtana.d exploits an “rfcomm” security hole in Bluetooth software. But unlike previous implementations of Inqtana, it doesn’t require any user interactive — a user account called “bluetooth” is created, which grants root access that can then be exploited for malicious use (once the computer is restarted, in the case of Mac OS X v10.4 “Tiger”).
Intego also said that the Inqtana.d malware installs additional software, and the user account includes a “backdoor” which lets users log in through that account using Ethernet or AirPort.
“Users with updated Mac OS X systems will already have installed a security update that protects against this vulnerability,” noted Intego.
Apple has already posted a security update for Mac OS X v10.3 and Mac OS X v10.4.7, both of which close this particular exploit — but if you haven’t updated your Mac with those, it remains at risk.
“If, however, users’ computers have been compromised before applying the updates mentioned above, the damage will be done, and the backdoor will remain installed. The only way to ensure that this backdoor is removed is to run Intego VirusBarrier X4,” said Intego.