OS X Vulnerability Can Allow Superuser Access to Unauthorized Users

FilevaultUsers looking to exploit a vulnerability in the Sudo Unix command, originally reported back in March, have received some assistance, reports Ars Technica.

The developers of Metasploit, software that makes it easier to misuse vulnerabilities in operating systems and applications, have added the Sudo vulnerability to their software suite. All versions of OS X from OS X Lion 10.7 through the current Mountain Lion 10.8.4 remain vulnerable.

Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can't be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware. This doesn't mean it's a non-issue though, since the exploit can be used in concert with other attacks to magnify the damage they can do.

Most of the recent exploits in Mac OS X have been related to Java, which Apple completely blocked earlier this year over security vulnerabilities, though Apple did release a standalone malware removal tool to help clean machines that were affected by a number of Java vulnerabilities.

OS X has been targeted more in recent years as it has gained in popularity. The Janicab.A malware was discovered last month, while another program called macs.app was discovered in May. That app captured and stored screenshots.

Top Rated Comments

batchtaster Avatar
138 months ago
Since this is a "flaw" (to the extent it has been described) in sudo, it's not Mac-specific. Other flavors of UNIX are also affected. But it's more fun and gets more hits and attention when you call it an "OS X Vulnerability", as if it's Apple's mistake or fault and not due to an issue (if that's what it is) in one of several hundred non-Apple projects (http://www.sudo.ws).
Score: 10 Votes (Like | Disagree)
sjinsjca Avatar
138 months ago
"I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.

Admin != root
Score: 8 Votes (Like | Disagree)
pdjudd Avatar
138 months ago
I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
Admin and root are two different levels of access. You can do some things with root that you cannot do with admin. Root is the deepest access one can have - but it's not really the goal of most hackers. An administrator account is probably the most that an attacker really needs since they can pretty much do anything they need with that account.

So an exploit that needs admin rights access and one that rehires you to have used sudo isn't one that is high priority. The number of users that run sudo at all is really small, and from a security standpoint, if you have admin rights, all security goes out the window. In other words, you don't have security.
Score: 8 Votes (Like | Disagree)
mikethebigo Avatar
138 months ago
Sudo make me a sandwich.
Score: 6 Votes (Like | Disagree)
RabidMacFan Avatar
138 months ago
You don't need to run metasploit to exploit this bug.

The following command should give you root if you are logged in to OS X as an Administrator and have used the "sudo" command at least once in the past. It will also set your system clock to 01/01/1970.

sudo -k
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo su

To set your system clock back to normal, go into the System Preferences and set the time and time zone back to the way it was.

To prevent somebody from abusing this attack, you will need to run the following command after every time you use the sudo command, until it gets patched.
sudo -K
Score: 6 Votes (Like | Disagree)
Dalton63841 Avatar
138 months ago
"For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past."

I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
What it is saying is that if an attacker already has access to your machine, AND you are on an administrator account, AND you have opened Terminal and used sudo, THEN they could maybe gain root access to your account.
Score: 6 Votes (Like | Disagree)

Popular Stories

iPhone 16 Camera Lozenge 2 Perspective Gray

Five Key Upgrades Coming to iPhone 16

Friday March 15, 2024 1:45 pm PDT by
The iPhone is Apple's top-selling product, and it gets an update every year. In 2024, we're expecting the iPhone 16 and iPhone 16 Pro lineup, with an arguably more interesting feature set than we got with the iPhone 15 and iPhone 15 Pro. Subscribe to the MacRumors YouTube channel for more videos. Capture Button All four iPhone 16 models are set to get a whole new button, which will be...
When To Expect New iPads Feature 1

Apple to Announce New iPads on March 26, Rumors Claim

Monday March 18, 2024 4:02 am PDT by
Apple is widely expected to release new iPad Air and OLED iPad Pro models in the next few weeks. According to new rumors coming out of Asia, the company will announce its new iPads on Tuesday, March 26. Chinese leaker Instant Digital on Weibo this morning 日发布%23">claimed that the date will see some sort of announcement from Apple related to new iPads, but stopped short of calling it an...
airpods 3 orange

Two New AirPods 4 Models Expected to Launch in September or October

Sunday March 17, 2024 7:56 am PDT by
Apple suppliers will begin production of two new fourth-generation AirPods models in May, according to Bloomberg's Mark Gurman. Based on this production timeframe, he expects the headphones to be released in September or October. Gurman expects both fourth-generation AirPods models to feature a new design with better fit, improved sound quality, and an updated charging case with a USB-C...
M3 iPad Feature 3

New iPads Likely to Begin Shipping in April

Monday March 18, 2024 9:52 am PDT by
Apple's new iPad Pro models with OLED displays will likely begin shipping to customers in April, according to information shared today by Ross Young, CEO of display industry research firm Display Supply Chain Consultants. Bloomberg's Mark Gurman also said the new iPad Pro models might not ship until "deeper" into April in his Power On newsletter on Sunday:I've repeatedly said that new...
iphone se 4 modified flag edges

iPhone SE 4 Expected to Depreciate Heavily

Tuesday March 12, 2024 9:04 am PDT by
Resale value trends suggest the iPhone SE 4 may not hold its value as well as Apple's flagship models, according to SellCell. According to the report, Apple's iPhone SE models have historically depreciated much more rapidly than the company's more premium offerings. The third-generation iPhone SE, which launched in March 2022, experienced a significant drop in resale value, losing 42.6%...
General iOS 17 Feature Orange Purple

iOS 17.4.1 Update for iPhone is Imminent

Monday March 18, 2024 5:27 am PDT by
iOS 17.4.1 and iPadOS 17.4.1 should be released within the next few days, with a build number of 21E235, according to a source with a proven track record. MacRumors previously reported that Apple was internally testing iOS 17.4.1. As a minor update for the iPhone, it will likely address software bugs and/or security vulnerabilities. It is unclear if the update will include any other changes. ...
Reasons to Not Upgrade to macOS Sonoma 14

macOS Sonoma 14.4: Reasons Not to Update

Monday March 18, 2024 9:36 am PDT by
Since Apple unveiled macOS Sonoma 14.4 on March 7, the transition to the latest software update has not been entirely smooth for everyone, and a number of issues have been reported by users that significantly impact their daily workflow. This article lists the most prominent challenges users have faced since updating to macOS Sonoma 14.4, and offers potential solutions where available. USB...