"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
OS X Vulnerability Can Allow Superuser Access to Unauthorized Users
Users looking to exploit a vulnerability in the Sudo Unix command, originally reported back in March, have received some assistance, reports Ars Technica.The developers of Metasploit, software that makes it easier to misuse vulnerabilities in operating systems and applications, have added the Sudo vulnerability to their software suite. All versions of OS X from OS X Lion 10.7 through the current Mountain Lion 10.8.4 remain vulnerable.
Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can't be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware. This doesn't mean it's a non-issue though, since the exploit can be used in concert with other attacks to magnify the damage they can do.Most of the recent exploits in Mac OS X have been related to Java, which Apple completely blocked earlier this year over security vulnerabilities, though Apple did release a standalone malware removal tool to help clean machines that were affected by a number of Java vulnerabilities.
OS X has been targeted more in recent years as it has gained in popularity. The Janicab.A malware was discovered last month, while another program called macs.app was discovered in May. That app captured and stored screenshots.
[ 121 comments ]
Top Rated Comments
(View all)
68 months ago
Since this is a "flaw" (to the extent it has been described) in sudo, it's not Mac-specific. Other flavors of UNIX are also affected. But it's more fun and gets more hits and attention when you call it an "OS X Vulnerability", as if it's Apple's mistake or fault and not due to an issue (if that's what it is) in one of several hundred non-Apple projects (http://www.sudo.ws).
68 months ago
I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
Admin and root are two different levels of access. You can do some things with root that you cannot do with admin. Root is the deepest access one can have - but it's not really the goal of most hackers. An administrator account is probably the most that an attacker really needs since they can pretty much do anything they need with that account.
So an exploit that needs admin rights access and one that rehires you to have used sudo isn't one that is high priority. The number of users that run sudo at all is really small, and from a security standpoint, if you have admin rights, all security goes out the window. In other words, you don't have security.
68 months ago
"I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
Admin != root
68 months ago
"For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past."
I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
What it is saying is that if an attacker already has access to your machine, AND you are on an administrator account, AND you have opened Terminal and used sudo, THEN they could maybe gain root access to your account.
68 months ago
You don't need to run metasploit to exploit this bug.
The following command should give you root if you are logged in to OS X as an Administrator and have used the "sudo" command at least once in the past. It will also set your system clock to 01/01/1970.
sudo -k
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo su
To set your system clock back to normal, go into the System Preferences and set the time and time zone back to the way it was.
To prevent somebody from abusing this attack, you will need to run the following command after every time you use the sudo command, until it gets patched.
sudo -K
The following command should give you root if you are logged in to OS X as an Administrator and have used the "sudo" command at least once in the past. It will also set your system clock to 01/01/1970.
sudo -k
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo su
To set your system clock back to normal, go into the System Preferences and set the time and time zone back to the way it was.
To prevent somebody from abusing this attack, you will need to run the following command after every time you use the sudo command, until it gets patched.
sudo -K
68 months ago
Since this is a "flaw" (to the extent it has been described) in sudo, it's not Mac-specific. Other flavors of UNIX are also affected. But it's more fun and gets more hits and attention when you call it an "OS X Vulnerability", as if it's Apple's mistake or fault and not due to an issue (if that's what it is) in one of several hundred non-Apple projects (http://www.sudo.ws).
From the original article:
The addition capitalizes on the fact that all versions of OS X from 10.7 through the current 10.8.4 remain vulnerable. While the bug also affected many Linux distributions, most of those require a root password to change the computer clock. Macs impose no such restrictions on clock changes thanks to the systemsetup binary.
68 months ago
Here's the point of the exploit:
1. Attacker gets a shell on your user account, perhaps by exploiting a browser vulnerability (CVE-2013-0983) or by emailing you a crafted image (CVE-2013-0975). Yes they are real, and those are only two that we know about. This is the hard part of exploitation.
2. Attacker can now read all your files, perform any actions that your user account can normally do. Usually attacker will stop here. Without knowing the system password, he can't perform system actions, primarily: can't read root-owned files, can't read files owned by other users, can't install kernel extensions, install hard-to-detect persistence, can't change passwords of other users, etc etc.
This is where the vulnerability comes in handy. if you just so happened to have ever run the "sudo" cmd successfully (as many devs do), and you are an administrative user (as the default user is in osx), the attacker can easily upgrade to a "root" shell. That's a bummer, and apple really should have patched this already, the sudo update has been around for 6 months or so now at least.
1. Attacker gets a shell on your user account, perhaps by exploiting a browser vulnerability (CVE-2013-0983) or by emailing you a crafted image (CVE-2013-0975). Yes they are real, and those are only two that we know about. This is the hard part of exploitation.
2. Attacker can now read all your files, perform any actions that your user account can normally do. Usually attacker will stop here. Without knowing the system password, he can't perform system actions, primarily: can't read root-owned files, can't read files owned by other users, can't install kernel extensions, install hard-to-detect persistence, can't change passwords of other users, etc etc.
This is where the vulnerability comes in handy. if you just so happened to have ever run the "sudo" cmd successfully (as many devs do), and you are an administrative user (as the default user is in osx), the attacker can easily upgrade to a "root" shell. That's a bummer, and apple really should have patched this already, the sudo update has been around for 6 months or so now at least.
68 months ago
"For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past."
I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
[ Read All Comments ]
In late August, a new accessory brand called Nimble emerged from a trio of former Mophie employees, offering customers various charging devices that are all built and shipped with a focus on the...
Satechi today announced the launch of a new Aluminum Type-C PD & QC Wireless Charger that's designed to charge iPhone and Android devices at their maximum wireless charging speeds.
For...
PayPal on eBay today is offering $100 App Store and iTunes gift cards for $85, marking the latest 15 percent discount on the cards and a good chance for those who have been waiting on a deal...
Apple has enhanced Spotlight search in macOS in recent years, with the addition of Spotlight Suggestions allowing it to tap into a variety of online data sources like weather and sports....
Apple has ceded its position to Walmart as the third largest online retailer in the U.S., according to a new report out this week (via TechCrunch).
Research provider eMarketer Retail calculates...
Adobe today updated its Lightroom app for iOS devices with support for Apple's latest iPhones and iPads.
Lightroom CC for iOS will now display properly on Apple's fall devices, including...
Tap, the company behind the futuristic Tap wearable keyboard, today announced the launch of a new TapAcademy app for iOS that's designed to make it easier to learn to use the keyboard.
Tap...
Verizon today announced the launch of a new "My Numbers" feature designed to let you add up to four additional numbers to a smartphone with unlimited calling and texting, for a total of five...
