MOAB childishness
[R]eally, "fixing" this stuff with APE is like using a radio-controlled robot to stick a band-aid on the arm of a running child
Well, looks like the MOAB fixes group will have to look for another solution (possibly something based on Rentzch’s low-level Mach tools; but these are never real "solutions", only bandaids: the real fixes have to come from Apple and the vendors). Even if Unsanity releases a fix, it seems highly likely that another exploit will be posted:
Stay away from Application Enhancer. It’s flawed, and not just by this particular issue. If the developers have left a binary executed with root privileges at an user-writable path, they are certainly capable of doing other non-sense … a jackass third-party which has no security background at all and spends more time flaming and insulting on a delusional IRC channel than on real work (sic, stupidity is so vindictive!).
So things really are deteriorating into a nasty sideshow, with childishness and misleading or incorrect claims on both sides. I don’t doubt that APE has flaws, but this latest vulnerability seems to be more about ego-stoking and "p4wning" than anything else. I think the MOAB grey hats need to get back on track and report some real Apple security issues if they want to retain any credibility.