The weakness is reported in Norton AntiVirus for Macintosh 9.x-10.x, Norton Internet Security for Macintosh 3.x, and Symantec AntiVirus for Macintosh 10.0 and 10.1. Linux and Windows versions are not affected.
This weakness can be exploited by malicious, local users to gain escalated privileges.
It is caused by insecure permissions on the “/Library/Application Support” folder. This can be exploited to execute arbitrary code as the “root” user by e.g. replacing a certain application within the affected folder or tricking the Disk Mount scanner into launching an arbitrary executable by renaming folders.
Since it requires local access, it shouldn’t be very dangerous, but coming on the release of the porno trojan, it does show that Mac users need to be more vigilant than they have been.
See the announcement here.
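To check a machine for the kind of loose permissions described above, the following added example (not code from Symantec or the advisory) walks a folder tree and reports directories and files that a user other than root could modify, replace or rename. The function name `audit_tree` and its `trusted_uids` parameter are assumptions made for this sketch; the default path is the folder named in the advisory.

```python
import os
import stat
import sys

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits for group and other


def audit_tree(root, trusted_uids=(0,)):
    """Return (path, reason) findings for entries under root that a local
    user outside trusted_uids could modify, replace or rename.
    (Hypothetical helper written for this example.)"""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinks
        st = os.lstat(dirpath)
        if st.st_uid not in trusted_uids:
            findings.append((dirpath, "directory owned by uid %d" % st.st_uid))
        if st.st_mode & LOOSE:
            # Write access to a directory allows creating entries in it;
            # without the sticky bit it also allows renaming and replacing
            # entries owned by someone else.
            if st.st_mode & stat.S_ISVTX:
                reason = "group/world-writable directory (sticky bit set)"
            else:
                reason = "group/world-writable directory, entries can be renamed or replaced"
            findings.append((dirpath, reason))
        for name in filenames:
            path = os.path.join(dirpath, name)
            fst = os.lstat(path)
            if not stat.S_ISREG(fst.st_mode):
                continue  # symlinks and special files are skipped
            if fst.st_uid not in trusted_uids:
                findings.append((path, "file owned by uid %d" % fst.st_uid))
            if fst.st_mode & LOOSE:
                findings.append((path, "group/world-writable file"))
    return findings


if __name__ == "__main__":
    # Default is the folder named in the advisory; pass another path to override.
    target = sys.argv[1] if len(sys.argv) > 1 else "/Library/Application Support"
    for path, reason in audit_tree(target):
        print("%s: %s" % (path, reason))
```

Any directory reported without the sticky bit that holds software launched by a root process is the condition the advisory describes.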





