OS X Vulnerability Can Allow Superuser Access to Unauthorized Users

FilevaultUsers looking to exploit a vulnerability in the Sudo Unix command, originally reported back in March, have received some assistance, reports Ars Technica.

The developers of Metasploit, software that makes it easier to misuse vulnerabilities in operating systems and applications, have added the Sudo vulnerability to their software suite. All versions of OS X from OS X Lion 10.7 through the current Mountain Lion 10.8.4 remain vulnerable.

Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can't be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware. This doesn't mean it's a non-issue though, since the exploit can be used in concert with other attacks to magnify the damage they can do.

Most of the recent exploits in Mac OS X have been related to Java, which Apple completely blocked earlier this year over security vulnerabilities, though Apple did release a standalone malware removal tool to help clean machines that were affected by a number of Java vulnerabilities.

OS X has been targeted more in recent years as it has gained in popularity. The Janicab.A malware was discovered last month, while another program called macs.app was discovered in May. That app captured and stored screenshots.

Top Rated Comments

batchtaster Avatar
108 months ago
Since this is a "flaw" (to the extent it has been described) in sudo, it's not Mac-specific. Other flavors of UNIX are also affected. But it's more fun and gets more hits and attention when you call it an "OS X Vulnerability", as if it's Apple's mistake or fault and not due to an issue (if that's what it is) in one of several hundred non-Apple projects (http://www.sudo.ws).
Score: 10 Votes (Like | Disagree)
sjinsjca Avatar
108 months ago
"I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.

Admin != root
Score: 8 Votes (Like | Disagree)
pdjudd Avatar
108 months ago
I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
Admin and root are two different levels of access. You can do some things with root that you cannot do with admin. Root is the deepest access one can have - but it's not really the goal of most hackers. An administrator account is probably the most that an attacker really needs since they can pretty much do anything they need with that account.

So an exploit that needs admin rights access and one that rehires you to have used sudo isn't one that is high priority. The number of users that run sudo at all is really small, and from a security standpoint, if you have admin rights, all security goes out the window. In other words, you don't have security.
Score: 8 Votes (Like | Disagree)
mikethebigo Avatar
108 months ago
Sudo make me a sandwich.
Score: 6 Votes (Like | Disagree)
RabidMacFan Avatar
108 months ago
You don't need to run metasploit to exploit this bug.

The following command should give you root if you are logged in to OS X as an Administrator and have used the "sudo" command at least once in the past. It will also set your system clock to 01/01/1970.

sudo -k
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo su

To set your system clock back to normal, go into the System Preferences and set the time and time zone back to the way it was.

To prevent somebody from abusing this attack, you will need to run the following command after every time you use the sudo command, until it gets patched.
sudo -K
Score: 6 Votes (Like | Disagree)
Dalton63841 Avatar
108 months ago
"For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past."

I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
What it is saying is that if an attacker already has access to your machine, AND you are on an administrator account, AND you have opened Terminal and used sudo, THEN they could maybe gain root access to your account.
Score: 6 Votes (Like | Disagree)

Popular Stories

macbook pro 13 inch banner

Apple Planning Five New Macs for 2022, Including Entry-Level MacBook Pro Refresh

Sunday December 5, 2021 7:55 am PST by
Apple is working on five new Macs for launch in 2022, including a new version of the entry-level MacBook Pro, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman said that he expects Apple to launch five new Macs in 2022, including: A high-end iMac with Apple silicon to sit above the 24-inch iMac in the lineup A significant MacBook Air...
apple watch series 7 aluminum colors

2022 Apple Watch Lineup Rumored to Include New Apple Watch SE and 'Rugged' Model for Sports

Sunday December 5, 2021 8:22 am PST by
Apple is planning an entire revamp of its Apple Watch lineup for 2022, including an update to the Apple Watch SE and a new Apple Watch with a rugged design aimed at sports athletes, according to respected Bloomberg journalist Mark Gurman. Writing in the latest installment of his Power On newsletter, Gurman said that for 2022, alongside the Apple Watch Series 8, Apple is planning an update to ...
airtag in hand

Apple AirTag Linked to Increasing Number of Car Thefts, Canadian Police Report

Friday December 3, 2021 7:10 am PST by
Apple's AirTags are being used in an increasing number of targeted car thefts in Canada, according to local police. Outlined in a news release from York Regional Police, investigators have identified a new method being used by thieves to track down and steal high-end vehicles that takes advantage of the AirTag's location tracking capabilities. While the method of stealing the cars is largely ...
1x 1

Apple CEO Tim Cook 'Secretly' Signed $275 Billion Deal With China in 2016

Tuesday December 7, 2021 6:49 am PST by
Apple CEO Tim Cook "secretly" signed an agreement worth more than $275 billion with Chinese officials, promising that Apple would help to develop China's economy and technological capabilities, The Information reports. In an extensive paywalled report based on interviews and purported internal Apple documents, The Information revealed that Tim Cook personally forged a five-year agreement...
ipad air arrive feature

iPad Pro With Wireless Charging, iPad Air 5, and iPad 10 Reported to Debut in 2022

Sunday December 5, 2021 8:54 am PST by
Apple is preparing to update three of its iPad models in 2022, including the entry-level iPad, iPad Air, and iPad Pro, according to Bloomberg's Mark Gurman. In his latest "Power On" newsletter, Gurman reiterated Apple's plans to release a new iPad Pro in 2022, featuring a new design and wireless charging, and clarified the company's intention to release new versions of the entry-level iPad...
2021 MBP SD Card Error Feature

Some SD Cards Not Working Properly With 2021 14 and 16-Inch MacBook Pros

Monday December 6, 2021 2:02 pm PST by
The SD card reader slot on the new 14 and 16-inch MacBook Pro models is not functioning as expected with some SD cards, according to multiple reports on the MacRumors forums. In a long complaint thread, MacRumors readers have detailed the issues that they're having with some SD cards, and there seems to be little consistency between reports and affected SD cards. Some SD cards crash and...
airpods pro blue holiday 3

Deals: AirPods Pro With MagSafe Available for $169.99 and Christmas Delivery on Amazon ($79 Off) [Update: Expired]

Monday December 6, 2021 6:03 am PST by
Amazon today has Apple's AirPods Pro with MagSafe Charging Case for $169.99 and delivery before Christmas Day, down from an original price of $249.00. This is $10 off from the rock bottom $159.99 price tag we tracked on Black Friday and Cyber Monday, and still a great deal for anyone shopping this holiday season. Note: MacRumors is an affiliate partner with Amazon. When you click a link and...
life360 app

Tile Buyer Life360 Selling Precise Location Data on Millions of Users

Monday December 6, 2021 1:05 pm PST by
Location tracking service Life360 has been selling the precise location data of tens of millions of its users, according to a new report shared by The Markup. Life360 bills itself as a "family safety platform" app that is meant to allow family members to keep tabs on one another with tracking software that's installed on smartphones, and there are both Android and iPhone apps. The...