Symantec the Virus Slayer reported sighting a Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability. It provides root access on the Macintosh OSX version 10.4.6 or earlier.

When OSX.Exploit.Launchd is executed, the malicious bug performs the following actions:

1. Exploits the Apple Mac OS X LaunchD Local Format String Vulnerability which may elevate the privileges of a remote attacker's local account on an Apple Mac OS X computer.
2. Uses a crafted .plist configuration file for LaunchD service. In order to exploit LaunchD the attacker must execute the command: launchctl load [MALICIOUS FILE NAME]
3. Runs inside the process of LaunchD which runs with root privileges.
4. Opens a shell with full root privileges which is controllable by the attacker.

However the company also said the Apple Trojan as a minor threat as it has not spread widely and easily removed. To help minimize attacks Symantec gave the following recommendations:

• Always keep virus protection program up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.).
• Enforce password policy to prevent or limit damage when a computer is compromised.
• Configure email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
• Isolate infected computers quickly.
• Train employees not to open attachments unless they are expecting them.

If your Mac is already infected, you may download the removal tools from Symnatec.