OS X Vulnerability Can Allow Superuser Access to Unauthorized Users

FilevaultUsers looking to exploit a vulnerability in the Sudo Unix command, originally reported back in March, have received some assistance, reports Ars Technica.

The developers of Metasploit, software that makes it easier to misuse vulnerabilities in operating systems and applications, have added the Sudo vulnerability to their software suite. All versions of OS X from OS X Lion 10.7 through the current Mountain Lion 10.8.4 remain vulnerable.

Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can't be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware. This doesn't mean it's a non-issue though, since the exploit can be used in concert with other attacks to magnify the damage they can do.

Most of the recent exploits in Mac OS X have been related to Java, which Apple completely blocked earlier this year over security vulnerabilities, though Apple did release a standalone malware removal tool to help clean machines that were affected by a number of Java vulnerabilities.

OS X has been targeted more in recent years as it has gained in popularity. The Janicab.A malware was discovered last month, while another program called macs.app was discovered in May. That app captured and stored screenshots.

Top Rated Comments

(View all)
Avatar
91 months ago
Since this is a "flaw" (to the extent it has been described) in sudo, it's not Mac-specific. Other flavors of UNIX are also affected. But it's more fun and gets more hits and attention when you call it an "OS X Vulnerability", as if it's Apple's mistake or fault and not due to an issue (if that's what it is) in one of several hundred non-Apple projects (http://www.sudo.ws).
Score: 10 Votes (Like | Disagree)
Avatar
91 months ago

"I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.


Admin != root
Score: 8 Votes (Like | Disagree)
Avatar
91 months ago

I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.

Admin and root are two different levels of access. You can do some things with root that you cannot do with admin. Root is the deepest access one can have - but it's not really the goal of most hackers. An administrator account is probably the most that an attacker really needs since they can pretty much do anything they need with that account.

So an exploit that needs admin rights access and one that rehires you to have used sudo isn't one that is high priority. The number of users that run sudo at all is really small, and from a security standpoint, if you have admin rights, all security goes out the window. In other words, you don't have security.
Score: 8 Votes (Like | Disagree)
Avatar
91 months ago
Sudo make me a sandwich.
Score: 6 Votes (Like | Disagree)
Avatar
91 months ago
You don't need to run metasploit to exploit this bug.

The following command should give you root if you are logged in to OS X as an Administrator and have used the "sudo" command at least once in the past. It will also set your system clock to 01/01/1970.

sudo -k
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo su

To set your system clock back to normal, go into the System Preferences and set the time and time zone back to the way it was.

To prevent somebody from abusing this attack, you will need to run the following command after every time you use the sudo command, until it gets patched.
sudo -K
Score: 6 Votes (Like | Disagree)
Avatar
91 months ago

"For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past."

I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.

What it is saying is that if an attacker already has access to your machine, AND you are on an administrator account, AND you have opened Terminal and used sudo, THEN they could maybe gain root access to your account.
Score: 6 Votes (Like | Disagree)

Top Stories

iPhone Maker Foxconn Says China's 'Days as the World's Factory Are Done'

Wednesday August 12, 2020 7:55 am PDT by
China will no longer be the world's manufacturing epicenter going forward, according to Apple's largest supply chain partner Foxconn, which has been gradually expanding its operations in other countries amid the U.S.-China trade war. "No matter if it's India, Southeast Asia or the Americas, there will be a manufacturing ecosystem in each," said Foxconn chairman Young Liu, according to Bloombe...

Leaker Jon Prosser: Apple Watch and iPad Launching in September, iPhone 12 Event to Take Place in October

Wednesday August 12, 2020 4:31 pm PDT by
Apple last month confirmed that this year's iPhone 12 models will launch outside of their normal September timeframe and will be "available a few weeks later," which has led to speculation about when an event might be held. Leaker Jon Prosser, who sometimes shares accurate knowledge of Apple's plans, today said that Apple will hold its iPhone 12 event during the week of October 12, with...

Apple Takes Legal Action Against Small Company With Pear Logo

Saturday August 8, 2020 11:09 am PDT by
Apple is taking legal action against the developers of the app "Prepear" due to its logo, according to iPhone in Canada. Prepear is an app that helps users discover recipes, plan meals, make lists, and arrange grocery deliveries. The app is a spinoff of "Super Healthy Kids," and the founders claim that they are facing litigation from Apple. Apple reportedly takes issue with Prepear's logo, ...

Apple to Launch Bundled Subscription Services Called 'Apple One'

Thursday August 13, 2020 3:41 am PDT by
Apple will launch a new range of subscription service bundles called "Apple One" as soon as October, according to a new report by Bloomberg's Mark Gurman. The series of bundles would allow customers to subscribe to several Apple digital services together. This is expected to result in a lower monthly price than when the services are subscribed to individually. Bloomberg reports that the...

Apple Releases iOS and iPadOS 13.6.1 With Fix for Storage Issue and Green Tinted Displays

Wednesday August 12, 2020 1:31 pm PDT by
Apple today released iOS and iPadOS 13.6.1, minor updates that come a month after the release of the iOS 13.6 update with Car Keys and Audio Apple News+ stories. The iOS and ‌iPadOS‌ 13.6.1 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to Settings > General > Software Update. iOS 13.6.1 addresses an issue that could cause...

Apple May Release 4G-Only iPhone 12 in Early 2021

Tuesday August 11, 2020 5:28 am PDT by
In a research note shared by Business Insider, Wedbush Securities analysts said that Apple may release a cheaper iPhone 12 in early 2021 with no 5G connectivity. Wedbush initially believed Apple would launch a mix of 4G and 5G iPhone 12 models this fall. Following re-examination of Asian supply chains, analysts Daniel Ives, Strecker Backe, and Ahmad Khalil revised the predictions,...

Apple Removes Fortnite From App Store [Update: Epic Files Lawsuit Against Apple]

Thursday August 13, 2020 11:58 am PDT by
Just hours after Epic Games introduced a new direct payment option for Fortnite that skirts Apple's in-app purchase rules, Apple has pulled the Fortnite app from the App Store. Fortnite is no longer available for download on the iPhone or the iPad, and Apple provided a statement to MacRumors on Fortnite's removal:Today, Epic Games took the unfortunate step of violating the App Store...

iPad Pro Keyboard Comparison: Logitech's $160 Folio Touch vs. Apple's $300 Magic Keyboard

Tuesday August 11, 2020 2:11 pm PDT by
Logitech recently debuted the Folio Touch, a keyboard and trackpad case designed for the 11-inch iPad Pro that serves as an alternative to the Magic Keyboard. In our latest YouTube video, we compare the $160 Folio Touch to Apple's $300 Magic Keyboard to see which is better. Subscribe to the MacRumors YouTube channel for more videos. Logitech is selling the Folio Touch for $160, while Apple's...

Apple Releases macOS Catalina 10.15.6 Supplemental Update With Virtualization Bug Fix

Wednesday August 12, 2020 1:20 pm PDT by
Apple today released a supplemental update for macOS Catalina 10.15.6, with the update coming a month after the original launch of macOS Catalina 10.15.6. The ‌‌macOS Catalina‌‌ 10.15.6 Supplemental Update can be downloaded from the Mac App Store using the Update feature in the System Preferences app. According to Apple's release notes, the update fixes a problem that could cause...

Kuo: Global iPhone Shipments Could Decline Up to 30% If Apple Forced to Remove WeChat From App Store [Updated x2]

Sunday August 9, 2020 10:17 pm PDT by
In a worst-case scenario, Apple's annual global iPhone shipments could decline by 25–30% if it is forced to remove WeChat from its App Stores around the world, according to a new research note from analyst Ming-Chi Kuo viewed by MacRumors. The removal could occur due to a recent executive order aiming to ban U.S. transactions with WeChat and its parent company Tencent. Kuo lays out...