Chaosmint

No, Your Applications Directory IS Vulnerable in Mac OS X
The Oompa-A or Leap-A trojan on Mac OS X reveals a potential vulnerability to your Applications.

Posted Sunday, February 19, 2006

Don't believe everything you read

With the release of a new Mac OS X trojan last week, there have been a lot of extreme reactions from Mac users. One thing everyone agrees on is that this particular worm/trojan is not a major threat to Mac users, since it was relatively contained and doesn't actually accomplish many tasks.

There is one misconception, however, that many Mac users are clinging to. Even Jason O'Grady believes that the Leap-A trojan requires users to enter their admin password to cause any damage, and this is simply NOT true.

Let me clear the air:

The Leap-A (Oompa-A) trojan DOES NOT ask you for your admin password to modify your applications.

Programs run by users with Admin accounts can modify application files without additional passwords. (And the vast majority of Mac OS X users are running under an Admin account, since that's the default for single user installations.)

Don't believe me?

Test It Yourself

Open your Applications Directory. Drag Safari into the trash. Does it ask you for your Admin password? No.

For comparison's sake: Open the root directory of your Hard Drive by clicking on your Hard Drive icon. Then double click on System. Then double click on Library. Try dragging a file from that directory into the trash. "Extensions.kextcache" for example. Mac OS X does ask you for your admin password to move this file to the trash.

More advanced users can enter the Terminal and try moving or deleting applications in their Applications directory themselves, and will also find that they are not prompted for any additional passwords.

Unix Permissions

All the applications in your Applications directory fall under the privileges of the admin group. Excerpt from an explanation:

For example, under Mac OS X all "Administrator" users are members of the admin group. This allows users granted "administrator" rights to remove applications from the Applications folder and perform other operations that a user not in the admin group would not be able to perform.

Safari belongs to the "admin" group, as do all the applications in your Applications directory.

The system files belong to the "wheel" group.
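
The permission check described above, as an added example that is not part of the original article: a read-only shell audit that lists what the groups of the current user can change in the Applications directory through group-write permission alone. The function names are illustrative, and the script looks only at the classic Unix group permission bits.

```shell
#!/bin/sh
# Added example, not from the original article. Read-only: nothing is modified.
# Assumption: only classic Unix permission bits are checked.

# modifiable_entries DIR [GIDS]
# Print top-level entries of DIR that are group-writable and owned by one of
# the numeric group IDs in GIDS (default: every group of the current user).
# Any program started by a member of such a group can change these entries
# without a password prompt.
modifiable_entries() {
    dir=$1
    gids=${2:-$(id -G)}
    for gid in $gids; do
        find "$dir" -mindepth 1 -maxdepth 1 -perm -020 -group "$gid" -print
    done | sort -u
}

# dir_allows_removal DIR [GIDS]
# Succeed if DIR itself is group-writable by one of GIDS. Write access to the
# directory is what lets a member move an application out of it (for example
# to the Trash) without authenticating.
dir_allows_removal() {
    dir=$1
    gids=${2:-$(id -G)}
    for gid in $gids; do
        if [ -n "$(find "$dir" -maxdepth 0 -perm -020 -group "$gid" -print)" ]; then
            return 0
        fi
    done
    return 1
}

# report DIR: human-readable summary for the current user.
report() {
    target=$1
    if dir_allows_removal "$target"; then
        echo "$target: items can be added or removed without a password prompt"
    fi
    modifiable_entries "$target" | sed 's/^/modifiable without a prompt: /'
}

# Run the audit only where the directory exists (i.e. on a Mac).
if [ -d /Applications ]; then
    report /Applications
fi
```

Run it once from an Admin account and once from a non-Admin account to compare the output.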

Is the Sky Falling?

This doesn't mean the sky is falling, or that Mac OS X is particularly vulnerable. It does mean that your Applications could be modifiable by a third-party application without your knowledge.

Some users have taken this opportunity to create a separate user account under Mac OS X without Admin privileges to use on a day-to-day basis. In this situation, you are asked for the Admin password when you try to modify your Applications directory.

