OS X Vulnerability Can Allow Superuser Access to Unauthorized Users

FilevaultUsers looking to exploit a vulnerability in the Sudo Unix command, originally reported back in March, have received some assistance, reports Ars Technica.

The developers of Metasploit, software that makes it easier to misuse vulnerabilities in operating systems and applications, have added the Sudo vulnerability to their software suite. All versions of OS X from OS X Lion 10.7 through the current Mountain Lion 10.8.4 remain vulnerable.

Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can't be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware. This doesn't mean it's a non-issue though, since the exploit can be used in concert with other attacks to magnify the damage they can do.

Most of the recent exploits in Mac OS X have been related to Java, which Apple completely blocked earlier this year over security vulnerabilities, though Apple did release a standalone malware removal tool to help clean machines that were affected by a number of Java vulnerabilities.

OS X has been targeted more in recent years as it has gained in popularity. The Janicab.A malware was discovered last month, while another program called macs.app was discovered in May. That app captured and stored screenshots.

Top Rated Comments

batchtaster Avatar
97 months ago
Since this is a "flaw" (to the extent it has been described) in sudo, it's not Mac-specific. Other flavors of UNIX are also affected. But it's more fun and gets more hits and attention when you call it an "OS X Vulnerability", as if it's Apple's mistake or fault and not due to an issue (if that's what it is) in one of several hundred non-Apple projects (http://www.sudo.ws).
Score: 10 Votes (Like | Disagree)
sjinsjca Avatar
97 months ago

"I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.


Admin != root
Score: 8 Votes (Like | Disagree)
pdjudd Avatar
97 months ago

I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.

Admin and root are two different levels of access. You can do some things with root that you cannot do with admin. Root is the deepest access one can have - but it's not really the goal of most hackers. An administrator account is probably the most that an attacker really needs since they can pretty much do anything they need with that account.

So an exploit that needs admin rights access and one that rehires you to have used sudo isn't one that is high priority. The number of users that run sudo at all is really small, and from a security standpoint, if you have admin rights, all security goes out the window. In other words, you don't have security.
Score: 8 Votes (Like | Disagree)
mikethebigo Avatar
97 months ago
Sudo make me a sandwich.
Score: 6 Votes (Like | Disagree)
RabidMacFan Avatar
97 months ago
You don't need to run metasploit to exploit this bug.

The following command should give you root if you are logged in to OS X as an Administrator and have used the "sudo" command at least once in the past. It will also set your system clock to 01/01/1970.

sudo -k
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo su

To set your system clock back to normal, go into the System Preferences and set the time and time zone back to the way it was.

To prevent somebody from abusing this attack, you will need to run the following command after every time you use the sudo command, until it gets patched.
sudo -K
Score: 6 Votes (Like | Disagree)
Dalton63841 Avatar
97 months ago

"For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past."

I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.

What it is saying is that if an attacker already has access to your machine, AND you are on an administrator account, AND you have opened Terminal and used sudo, THEN they could maybe gain root access to your account.
Score: 6 Votes (Like | Disagree)

Top Stories

iphone 5s black slate

Images of Unreleased iPhone 5s in Black and Slate Shared Online

Sunday January 17, 2021 9:47 am PST by
Twitter user @DongleBookPro has today shared images of a prototype iPhone 5s in an unreleased Black and Slate color. The iPhone 5s was launched in September 2013. The device featured Touch ID, a 64-bit processor, and a True Tone LED flash for the first time. Other new features included a five-element lens with an f/2.2 aperture, a 15 percent larger camera sensor, Burst Mode, and Slo-Mo...
iP12 charge airpods feature 2

Hidden iPhone 12 Hardware Feature Could Still be Unlocked

Thursday January 14, 2021 2:51 am PST by
All iPhone 12 and iPhone 12 Pro models purportedly have a hidden reverse wireless charging feature, according to an FCC filing. The feature has not yet been activated, but could yet be unlocked for an upcoming Apple accessory. The FCC filing suggests that iPhone 12 models contain the hardware for Wireless Power Transfer (WPT) to accessories: In addition to being able to be charged by a...
google maps detailed street level e1611052089473

Google Maps Gains Enhanced Street-Level Detail in Four Major Cities

Tuesday January 19, 2021 2:34 am PST by
Google Maps has quietly been updated to include significantly more detailed street-level information in a handful of key cities around the world. Upon zooming in, Google's maps for Central London, Tokyo, San Francisco, and New York now benefit from shapes and widths that match the scale of roads more accurately. Meanwhile, enhanced graphical representations of sidewalks, crosswalks,...
macbook pro flexgate

Apple Extends 13-Inch MacBook Pro Backlight Repair Program

Sunday January 17, 2021 10:31 am PST by
Apple this week extended its worldwide 13-inch MacBook Pro Display Backlight Service Program, authorizing coverage for eligible notebooks for up to five years after the original purchase date or up to three years after the start date of the program, whichever is longer. The previous cutoff was four years after the original purchase date. Apple launched the program on May 21, 2019 after...
lg wing

LG Considering Exit From Smartphone Business, Halts LCD Production for iPhone

Wednesday January 20, 2021 5:38 am PST by
LG is considering exiting the smartphone business entirely amid declining shipments and accrued losses of $4.5 billion over the past five years (via The Korea Herald). LG CEO Kwon Bong-Seok cautioned staff earlier today that the company is re-evaluating its presence in the smartphone industry: Since the competition in the global market for mobile devices is getting fiercer, it is about...
airpods max sim ejector

AirPods Max Headband Removable With Just a SIM Ejector Tool, Hinting at Interchangeable Headbands

Tuesday January 19, 2021 8:25 am PST by
It is possible to remove the headband of AirPods Max with just a standard SIM card ejector tool, hinting at the possibility of interchanging headbands to achieve a different colorway. Image via Prelook In December, MacRumors revealed the large variety of AirPods Max ear cushion color combinations when it became clear that they were magnetically attatched and available for sale separately....
macbook pro screensaver table

Some M1 Macs Affected By Fast User Switching Screensaver Bug

Monday January 18, 2021 1:57 am PST by
A growing number of user reports online suggest some of Apple's M1 Mac models are susceptible to a Fast User Switching bug that spontaneously activates the screensaver and leaves the user unable to dismiss it. In macOS Big Sur, Fast User Switching allows users to quickly switch between user accounts without having to completely log out. Based on posts in the MacRumors forums, Apple...
Top Stories 43 Feature

Top Stories: MacBook Pro, iMac, Mac Pro, and iPhone Rumors, Best of CES 2021

Saturday January 16, 2021 6:00 am PST by
This week was sure a busy one in the Apple world, with a flurry of announcements out of CES early in the week followed by a rash of Mac- and iPhone-related rumors later in the week. The new rumors this week included details on updated MacBook Pro, iMac, and Mac Pro models, as well as a few other tidbits, so make sure to read on below to get caught up! Kuo: New MacBook Pro Models to...
shot on iphone 12 apple

Apple Highlights Photos Shot by iPhone 12 Users: Portraits, Cityscapes, and More

Tuesday January 19, 2021 6:05 am PST by
Apple today shared a gallery of photos shot by customers using the iPhone 12 mini, iPhone 12, iPhone 12 Pro, and iPhone 12 Pro Max, with scenes including cityscapes, landscapes, portraits of people, and more at day and night. Shot on iPhone 12 Pro Max by "NKCHU" in China (top) and shot on iPhone 12 Pro Max by Rohit Vohra in India (bottom) iPhone 12 mini and iPhone 12 models have a dual camera ...
Apple and Hyundai feature

Apple Car Production Again Linked to Kia Motor's US Plant in Georgia

Tuesday January 19, 2021 4:19 am PST by
Hyundai intends to transition the company's Apple Car involvement to its Kia brand as part of an internal arrangement that could see production move to the U.S., according to a new report today. On Sunday, Korea IT News reported that Apple and Hyundai are seeking a partnership agreement for the upcoming Apple Car by March, and that the electric vehicles could be made at a Georgia factory...