
Westside guy

macrumors 603
Oct 15, 2003
6,343
4,160
The soggy side of the Pacific NW
The key here is using this with a remote code execution exploit. As an example, there are already ways to exploit this remotely with Metasploit and @OSXReverser has published work on how to install rootkits in conjunction with the exploit.

From what I've seen, Metasploit's access to patched OS X boxes depends on Java over the web. Smart people should have disabled Java in the browser long ago - they'll never miss it. Another frequently popular vector, Flash, can be mitigated with FlashBlock.

But unfortunately, a lot of people haven't learned their lesson with regard to either technology.

However, I pointed out the guest account access because that is present on pretty much all modern OS X boxes, and is enabled by default for some reason. Giving unauthenticated users access that way just seems dumb - even without the presence of Rootpipe. Local privilege escalation exploits are just not that uncommon on pretty much any mainstream OS - including Linux and Windows (maybe not on the BSDs, but they're not exactly mainstream).
 

Rigby

macrumors 603
Aug 5, 2008
6,222
10,168
San Jose, CA
> From what I've seen, Metasploit's access to patched OS X boxes depends on Java over the web. Smart people should have disabled Java in the browser long ago - they'll never miss it. Another frequently popular vector, Flash, can be mitigated with FlashBlock.
>
> But unfortunately, a lot of people haven't learned their lesson with regard to either technology.

If you read the Apple security updates (HT1222) you'll see that almost every OS X update contains fixes for Safari vulnerabilities that potentially allow remote code execution. There are many such vulnerabilities in other browsers as well. This problem is not limited to plugins.

> However, I pointed out the guest account access because that is present on pretty much all modern OS X boxes, and is enabled by default for some reason.

The guest account is disabled by default.
 

ctone

macrumors regular
Nov 28, 2006
103
4
Upon further investigation, the "Ask To Join Networks" function in iOS only asks you when no known (ones joined previously) Wi-Fi networks are available, but other (unknown) Wi-Fi networks are. All known networks are still joined without you being notified. So, turning that feature on adds no security whatsoever.
 