INTEGO SECURITY MEMO - OCTOBER 25, 2006
INQTANA.D BLUETOOTH EXPLOIT

 

Exploit: Inqtana.d Bluetooth exploit

Discovered: October 24, 2006

Risk: Low

Description: This proof-of-concept exploit, which has not yet been seen in the wild, is installed on a Mac OS X computer via Bluetooth from a computer or PDA running a Linux system. It can affect Macs running Mac OS X 10.3 and 10.4 that have not been updated with all available security updates or system updates. Bluetooth must be active, but Bluetooth file transfer does not need to be turned on. The attacking computer must be within Bluetooth range, which by default is 10 m or 30 ft, but can be extended with repeaters and/or antennas.

This exploit is installed from a Linux system, and exploits an rfcomm security hole in Bluetooth software. Unlike previous versions of Inqtana malware, no user interaction is required. It installs a user account (named "bluetooth"), with no password, which grants root access to malicious users logging into this account. This account is available immediately, and computers running Mac OS X 10.4 do not need to be restarted (Macs running Mac OS X 10.3 do need to be restarted).

The exploit installs a number of files on computers it attacks, and the user account it installs contains a backdoor that allows malicious users to log into that account by any network means (Ethernet or AirPort). Once the exploit has been installed, Bluetooth is no longer needed to take advantage of it. Users with updated Mac OS X systems will already have installed a security update that protects against this vulnerability.

Means of protection: Intego VirusBarrier X and VirusBarrier X4 (http://www.intego.com/virusbarrier/), with virus definitions dated October 24, 2006 or later, protect against this exploit.

Apple's security update 2005-005 (http://docs.info.apple.com/article.html?artnum=301528) protects against this vulnerability in Mac OS X 10.3; Apple's Mac OS X 10.4.7 update (http://docs.info.apple.com/article.html?artnum=303973) protects against this vulnerability in computers running Mac OS X 10.4. If users have not installed these updates, they should do so, along with all subsequent security updates.

If, however, users' computers have been compromised before applying the updates mentioned above, the damage will be done, and the backdoor will remain installed. The only way to ensure that this backdoor is removed is to run Intego VirusBarrier X4.

 

About Intego
Intego develops and sells desktop Internet security and privacy software for Macintosh.

Intego provides the widest range of software to protect users and their Macs from the dangers of the Internet. Intego's multilingual software and support repeatedly receive awards from Mac magazines, and protect more than one million users in over 60 countries. Intego has headquarters in the USA, France and Japan.

As the dangers of the Internet grow, Intego is hard at work, developing new software to protect users and their Macs from the latest security and privacy threats.

We protect your world.

 

 

