Windows 10 News and info | Forum
Topic: Apple OS X zero-day flaw hands over root access without system passwords
« on: August 04, 2015, 08:27:45 PM »

A week after the disclosure of a zero-day vulnerability, an active exploit has been spotted in the wild.

A zero-day flaw which allows attackers to gain root access to Mac systems is now being exploited online.
Last month, security researcher Stefan Esser disclosed a privilege escalation vulnerability in OS X which impacts OS X 10.10.x by way of the dynamic linker dyld and environment variable DYLD_PRINT_TO_FILE features, newly added to the operating system.

It was unclear at the time whether Apple knew about the security flaw as the problem has been patched in the first beta versions of OS X El Capitan 10.11, but not in the current release of OS X 10.10.4 or in the current beta of OS X 10.10.5. While Esser did not inform Apple of the bug at the time of public disclosure, it is believed the iPad and iPhone maker may have known about the vulnerability through an earlier disclosure by another researcher.

Unfortunately, it seems the zero-day vulnerability is already being exploited in OS X.

Malwarebytes researcher Adam Thomas spotted the exploit after stumbling upon a new adware installer. During testing on an OS X machine, Thomas realized his sudoers file had been modified. The sudoers file is a hidden Unix file which decides who is permitted root permissions in a Unix shell, and how this is granted.

In this case, the vulnerability allowed the adware installer to gain root permissions via a Unix shell without requiring password permissions from an administrator.

The exploiting script which uses the DYLD_PRINT_TO_FILE vulnerability is written to a file, executed and then deleted. The script changes the nature of the sudoers file to allow shell commands to be executed as root without passwords before launching the VSInstaller app.

Granted full root permissions, the app -- found in a hidden directory on the adware installer's disk image -- is then able to download whatever it pleases.
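
A defender-side check for the sudoers change described above, as an added example that is not part of the original post or the article it quotes: it lists active sudoers entries that let commands run as root without a password. The sample file, the users `alice` and `bob`, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sudoers entries that grant root without a password.

# Constructed sample sudoers content (not from the post or a real system).
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
alice ALL=(ALL) \
    NOPASSWD:ALL   # added by installer
Defaults:bob !authenticate
EOF
}

# Reads sudoers text on stdin; prints "<first line number><TAB><entry>" for
# every active entry that uses the NOPASSWD tag or turns off authentication.
audit_sudoers() {
    awk '
    {
        start = NR; line = $0
        # Join backslash-continued lines into one logical entry.
        while (line ~ /\\$/) {
            sub(/\\$/, "", line)
            if ((getline nxt) <= 0) break
            line = line nxt
        }
        # Skip comments and #include directives, but keep "#uid" user specs.
        if (line ~ /^[ \t]*#/ && line !~ /^[ \t]*#[0-9]/) next
        # Drop a trailing comment: "#" after whitespace that is not a "#uid".
        sub(/[ \t]+#[^0-9].*$/, "", line)
        gsub(/[ \t]+/, " ", line)
        if (line ~ /NOPASSWD *:/ || (line ~ /^ ?Defaults/ && line ~ /!authenticate/))
            printf "%d\t%s\n", start, line
    }'
}

# Run against the constructed sample when executed directly.
sample_sudoers | audit_sudoers
```

On a live system, feed it the real file with `sudo cat /etc/sudoers | audit_sudoers` and review any entry you did not add yourself.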

