Online fraudsters may be ready to put Mac users in their sights.
On Thursday, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for the Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a user's account without requiring administrator rights.
"We won't disclose the exact technique used here--it's a feature not a bug--but let's just say that installing a System Library shouldn't be allowed without prompting the user," stated F-Secure in the blog post. "Especially as it only requires Copy permissions."
Vulnerability researchers have increasingly focused on finding flaws in the Mac OS. During the month of November, two serious flaws in Apple's operating system were disclosed as part of the Month of Kernel Bugs (MoKB) project. Researchers and attackers have also focused more on turning vulnerabilities into exploit code, according to a recent report published by Symantec, the owner of SecurityFocus.
The IAdware proof-of-concept code did nothing malicious, but merely opened up a browser each time an application was opened, F-Secure stated.
Posted by: Robert Lemos