With today's focus on the release of iOS 5, and people worldwide refreshing the UPS shipping status page to check if the iPhone 4S left Hong Kong or Anchorage yet, a patch released for OS X Lion (10.7) came in under the radar. In addition to bringing us iCloud support and a good number of other security related patches, one issue sticks out as SUPER CRITICAL, PATCH NOW, STOP THAT iOS 5 DOWNLOAD.
That said: It is our policy not to link to exploit code. Search twitter and other outlets for links. We may reconsider if we see the code used maliciously. At this point, I am only aware of the PoC site. Please let us know if you spot it anywhere else.
NB: My Macbook failed to boot after applying the update. Still debugging why :(
Update: In my case, the Macbook boot failed because I had Symantec's PGP software installed. I didn't use the whole disk encryption, but PGP still installed drivers that turned out to be the problem. My recovery process:
- hold command+R during boot to boot into recovery mode (if you got a recovery partition
This did it for me. The next reboot went fine. For more details see the following sites that helped me get this working:
Defending Web Applications Security Essentials - SANS Munich July 2019
Oct 13th 2011
7 years ago