Claims of a Mac Worm Incite Blogging Brawl

Researchers, Apple lovers, and Apple doubters are caught up in an online verbal free-for-all that's akin to a cyber version of the Hatfields and McCoys.

The online hubbub is all over an anonymous blogger claiming to have built proof-of-concept code for a vulnerability in Apple's Mac OS X. Security researchers and Apple fans have been closely following blog entries on the Infosecsellout blog by an anonymous poster. The blogger, who claims he's a researcher, says he's being paid to create a Mac worm using the vulnerability, but he has no plans to release the code into the wild. He doesn't say who is paying for his research.

The bug he's working to exploit is the MDNSResponder vulnerability, which was patched in Apple's last security update.

As of mid-afternoon on Thursday, there were 64 blog comments about the claim. The back-and-forth quickly turned into verbal attacks, with posters sparring over the validity of the blogger's claims to have created a Mac worm and over whether or not a worm can even be created for the Mac.

A comment from someone only identified as Stephen wrote, "I know that no OS is secure. But I'm tire of hearing how vulnerable Mac OS X is to various exploits. Where are these exploits? And don't give me that market share stuff. It's either a legitimate target or its not."

And Szlevi wrote, "Since this tool could be badly abused it's obvious he won't post it, rightfully so - he'll pass it to Apple, that's the perfect way to deal with it, Jobs & Co can take care of their security holes. Rest of the story is nothing but clueless Apple fans are living in denial: you have to drag them kicking and screaming to the conclusion that OS X is nowhere better than any other OS..."

Another commenter logged on as 'anonymous' and said, "if it was true... You wouldnt hide... This supossed to be huge... You can be famous!... but of course is false info... so You are and always be a looser!"

It's gotten to the point that the arguments have started to overshadow the original blog posting about the potential Mac worm.

"Some of the commentary is more interesting than the possibility of the exploit code for Apple," said Dave Marcus, a security research manager for McAfee Avert Labs, in an interview. "There are people on extreme sides of the house... Lots of people use Apple and are very, very devoted and say it's more secure than Windows and nothing bad could ever happen to it. At this point and time, nobody has really written a bad worm for it, so they think no one ever can, and that's just not the case. When somebody comes out and says I've got proof of concept, people are going to challenge it, and say I want to see it, you're lying."

Researchers at SecurityFocus call the flaw being exploited a boundary condition error, and say proof-of-concept code has been created. They also noted that exploiting the bug enables remote attackers to execute arbitrary machine code with super-user privileges.

Marcus said it's obviously a plus that Apple already released a patch for the bug. The problem is that it sometimes takes weeks or months for individual users and companies to bring their software up to date