An expert who claims to have a created a fully armed worm for the Mac OS X operating system has put the boot into security measures taken by programmers at Apple .
The worm exploits an mDNS flaw in Mac OS X's Bonjour network configuration tool which normally enables users to share printers, or automatically see other iChat AV users on the same network. The worm was created by an anonymous security expert at info Sec who posted details of the exploit on the Info Security Sellout blog.
Apple has a long way to go
The expert then goes on to say:
"I do believe in being responsible and working with vendors, but I also feel that some vendors need to be treated like children and learn lessons the hard way. Apple has a very long way to go when dealing with security issues in their products."
Info Sec's comments were backed by David Aitel, chief technology expert at Immunity , another secure computing company.
Mac OS X is "horribly insecure"
Although Aitel is sceptical of any real damage the Info Sec worm might do - "Writing the exploit in one day... unlikely for anything other than a stack overflow," he also said sarcastically:
"I note that 'Infosecurity Sellout' is claiming there is another bug in mDNS which is wormable. This is obviously untrue, since there are no more remote bugs in OS X."
"No, I'm just being funny. OS X is horribly insecure."