Of course it is not a courtesy to Apple, but a vulnerability can at any time be exploited. Giving Apple a wide timeframe creates the opportunity for delays and obscurity, as we have seen with the previous vulnerability. Just because that one developer doesn’t disclose it, doesn’t mean that no one else knows of it. I’d rather know of those vulnerabilities and take precautions. Apple should also feel a bit more heat and devote more resources to adequate security response.
 
Again, this isn't of much use unless the attacker has physical or network access to your Mac. That isn't to say that this isn't any less of a vulnerability than those they've fixed, but this one also isn't something that someone can target a Mac with remotely, and instantly have root access.

tl;dr: a lot of variables have to fall into place at the right time for this to have any major impact to a single machine.

BL.

For the average user? Sure. But I know at least one university that is very nervous about their multiple computer labs full of iMacs. It's a pretty big deal.
 
No I don't. Tried to track it down in the console and system log without any luck. Just says unknown app. It could get past the firewall without permission.

That definitely wasn't this program, nor this vulnerability. This vulnerability has to be run from your Mac, not downloaded as an application from your browser.

BL.
 
That security researcher doesn't owe you or the richest company in the world anything. He's free to do whatever he wants.
 
For the average user? Sure. But I know at least one university that is very nervous about their multiple computer labs full of iMacs. It's a pretty big deal.

That's my point. If deployed in a lab, university, or enterprise environment, this could be severe. All it takes is compiling it one place for one type of architecture for it to be distributed to any other Mac.

However, in a lab or Enterprise environment, where it is mainly iMacs, they aren't going to be as portable. So Find My Mac wouldn't really need to be enabled on those, so the Guest Account wouldn't need to be enabled, allowing unfettered, password-free access to the iMac. If tied to some sort of Directory protocol (Active Directory, LDAP, etc.), such work could be traced to the person that released it. So while it may be a big deal, that university could easily bait this as a trap for the malevolent user.

That security researcher doesn't owe you or the richest company in the world anything. He's free to do whatever he wants.

That may be true, but developers have a set of ethics (s)he should abide by. He is showing a complete lack of ethics in the way that he released this. On every security list I have been on (including Secunia and Bugtraq) the discoverer of the vulnerability always would let the vendor know of the vulnerability and give them time to patch it before announcing the vulnerability. Even the JB teams here (TaIG, Pangu, evad3rs) do that. This guy did not.

If you think that is fair for him to do, perhaps you should reexamine your ethics as well.

BL.
 
The article at the top links to the POC code on github: https://github.com/kpwn/tpwn

i0n1c already has a patch out against this:

https://twitter.com/i0n1c/status/633214096658317312
I added the idea behind NULLGuard to SUIDGuard but with completely different (safer?) code: grab binary from http://suidguard.com

https://twitter.com/i0n1c/status/633214535130841088
So in order to protect against the tpwn exploit you can just update your SUIDGuard installation to 1.0.6

BL.
 
Again, this isn't of much use unless the attacker has physical or network access to your Mac. That isn't to say that this isn't any less of a vulnerability than those they've fixed, but this one also isn't something that someone can target a Mac with remotely, and instantly have root access.

tl;dr: a lot of variables have to fall into place at the right time for this to have any major impact to a single machine.

BL.
Without meaning to sound facetious, how else would you attack a computer if you don’t have physical or network access? Or am I just being too simplistic?
 
Of course it is not a courtesy to Apple, but a vulnerability can at any time be exploited. Giving Apple a wide timeframe creates the opportunity for delays and obscurity, as we have seen with the previous vulnerability. Just because that one developer doesn’t disclose it, doesn’t mean that no one else knows of it. I’d rather know of those vulnerabilities and take precautions. Apple should also feel a bit more heat and devote more resources to adequate security response.
I don’t feel vulnerable at all at the moment, (maybe I should), but what I’m most eager to see is how quickly Apple react to this similar exploit.
 
That may be true, but developers have a set of ethics (s)he should abide by. He is showing a complete lack of ethics in the way that he released this. On every security list I have been on (including Secunia and Bugtraq) the discoverer of the vulnerability always would let the vendor know of the vulnerability and give them time to patch it before announcing the vulnerability. Even the JB teams here (TaIG, Pangu, evad3rs) do that. This guy did not.

If you think that is fair for him to do, perhaps you should reexamine your ethics as well.

BL.
I agree with you but large corporations have a set of ethics too and they don’t always abide by them. In fact behind the scenes I guarantee you they don’t. What they tend to do is weigh up the potential impact, subtract a bit for what they think will actually be the real impact, subtract a bit more for luck and then weigh this up against the cost and time they will have to suffer.
 
And I have to say that the writer of this article is sort of a scumbag if that screenshot is the code for the vulnerability (If this is true, sorry Juli).

Whoaaa! The fail is epic in this post! Noob alert! Have you EVER seen a Command shell on OS X? Just once maybe? But you do know that the concept of "command lines" exist on OS X? You know, the thingy with the keyboard...errr... okay, forget it! Keep tapping on your screen. Go on. Nothing to see here...
 
I'm not so worried about this because a malicious program can already do all the damage it needs without root access. This XKCD comic is relevant:
[image: authorization.png]
... Actually, my situation is a bit better because my secret stuff is encrypted in my keychain, root access or not, and I lock it. What more can they do with root access, wipe out my OS? Big deal.
 
I read somewhere that he only gave Apple a few hour's notice before releasing it. He's a scumbag. And I have to say that the writer of this article is sort of a scumbag if that screenshot is the code for the vulnerability (If this is true, sorry Juli).
Too late, the vulnerability is already out. Don't blame Juli.
 
Whoaaa! The fail is epic in this post! Noob alert! Have you EVER seen a Command shell on OS X? Just once maybe? But you do know that the concept of "command lines" exist on OS X? You know, the thingy with the keyboard...errr... okay, forget it! Keep tapping on your screen. Go on. Nothing to see here...

Grow up.
 
Whoaaa! The fail is epic in this post! Noob alert! Have you EVER seen a Command shell on OS X? Just once maybe? But you do know that the concept of "command lines" exist on OS X? You know, the thingy with the keyboard...errr... okay, forget it! Keep tapping on your screen. Go on. Nothing to see here...
Did it ever occur to you that most people have absolutely no idea what a terminal looks like and don't care?
Plus, the last security issue could be exploited in ~100 characters: that could fit in a terminal.


As for the developer not warning Apple: no amount of time he would have waited before he released it would have been enough. In fact, I wouldn't mind if everyone did that, so Apple would understand they actually have to start patching stuff quickly instead of waiting months or even years before considering it.
 
That may be true, but developers have a set of ethics (s)he should abide by.
If you want to assign developers ethics, then I guess you should start by mentioning the OS developers' ethics (meaning, Apple's). Apple:
  • doesn't offer bug bounties
  • sometimes doesn't even react to the bug reports
  • when there's a reaction it tends to take months or more (and still some people praise them!?)
  • doesn't always acknowledge the bug reporter
  • doesn't EVEN make it easy to report and track bugs
So, again, what developer ethics are you talking about?
 
Again, this isn't of much use unless the attacker has physical or network access to your Mac.

Attacks like this can be piggy-backed onto other attacks to make them much more severe than they otherwise would be. It could also be exploited by malicious software.
 
That's my point. If deployed in a lab, university, or enterprise environment, this could be severe. All it takes is compiling it one place for one type of architecture for it to be distributed to any other Mac.

However, in a lab or Enterprise environment, where it is mainly iMacs, they aren't going to be as portable. So Find My Mac wouldn't really need to be enabled on those, so the Guest Account wouldn't need to be enabled, allowing unfettered, password-free access to the iMac. If tied to some sort of Directory protocol (Active Directory, LDAP, etc.), such work could be traced to the person that released it. So while it may be a big deal, that university could easily bait this as a trap for the malevolent user.



That may be true, but developers have a set of ethics (s)he should abide by. He is showing a complete lack of ethics in the way that he released this. On every security list I have been on (including Secunia and Bugtraq) the discoverer of the vulnerability always would let the vendor know of the vulnerability and give them time to patch it before announcing the vulnerability. Even the JB teams here (TaIG, Pangu, evad3rs) do that. This guy did not.

If you think that is fair for him to do, perhaps you should reexamine your ethics as well.

BL.

All true. I wasn't directing my post at you specifically, just mainly at the people who always blow off local privilege escalation as a minor problem.
 
Without meaning to sound facetious, how else would you attack a computer if you don’t have physical or network access? Or am I just being too simplistic?

It's a big problem if combined with another exploit, such as browser exploits which allow code execution, even if not root privileges. Once they can execute code on your device through some other means, they can exploit this and gain remote root access. Browser exploits are a dime a dozen. It's probably the least secure code on your computer and it also is the one most used to handle untrusted code from strangers.
 
I'm not so worried about this because a malicious program can already do all the damage it needs without root access. This XKCD comic is relevant:
[image: authorization.png]
... Actually, my situation is a bit better because my secret stuff is encrypted in my keychain, root access or not, and I lock it. What more can they do with root access, wipe out my OS? Big deal.

Compromising individual machines to steal information is actually not that common. Usually once they have control, they sell or rent out your computer for use in a botnet, as a spam server, child porn server, etc. The guy hacking your machine is almost never the one using it directly. As you can imagine, root access makes this significantly easier to do and harder to detect.
 