A five-month-old security flaw spotted by Ars Technica allows superuser access to Macs, a March report reveals.
Researchers at Metasploit, an open-source software framework that streamlines the exploitation of vulnerabilities on multiple platforms, have found an authentication bypass vulnerability which includes traveling through time. By invoking the sudo command and then resetting the date, the computer will turn over root privileges without a password.
Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can’t be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware. This doesn’t mean it’s a non-issue though, since the exploit can be used in concert with other attacks to magnify the damage they can do.
All versions of OS X, from OS X Lion 10.7 to the currently popular OS X Mountain Lion 10.8.4, are vulnerable to this exploit.
“The bug is significant because it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit,” HD Moore, the founder of the Metasploit project and the chief research officer at security firm Rapid7, told Ars. “I believe Apple should take this more seriously but am not surprised with the slow response given their history of responding to vulnerabilities in the open source tools they package.”