Privilege escalation bug

Discussion in 'macOS' started by Traverse, Apr 9, 2015.

  1. Traverse macrumors 603

    Traverse

    Joined:
    Mar 11, 2013
    Location:
    Here
    #1
    According to Apple Insider there is a serious security flaw in OS X that can allow malware to gain root privileges to any OS X Lion, Mountain Lion, and Mavericks system.

    According to the article it was fixed with OS X 10.10.3, but will not be fixed in prior versions.

    What do you think?
     
  2. mtasquared macrumors regular

    mtasquared

    Joined:
    May 3, 2012
    #2
    Are the WiFi issue and slow PDF preview issue resolved by now? I'm on Mountain Lion and like it that way unless Apple truly wants to force me onto Yosemite. Not happy.
     
  3. Eithanius macrumors 65816

    Joined:
    Nov 19, 2005
    #3
    Just another cheap publicity stunt by Apple to get everyone on board Yosemite knowing that their market share is fragmented... Thank goodness I'm still on Snow Leopard...

    Inb4 anyone says SL deprecated and not secure...
     
  4. ricede macrumors regular

    ricede

    Joined:
    Aug 16, 2010
    Location:
    Inside
    #4
    Privilege escalation bug

    I read about this bug this morning & that  are not going to fix it in Lion/Mountain Lion/Mavericks.

    I didn't really understand the 'real world' situation for the average Mac user.

    Is this the moment when EVERYONE with one of the older OS's HAS to upgrade to Yosemite ???

    Any clarification of this would be appreciated. Thanks.
     
  5. jhorsman macrumors newbie

    Joined:
    Mar 9, 2015
  6. ricede macrumors regular

    ricede

    Joined:
    Aug 16, 2010
    Location:
    Inside
    #6
    Yes, that's the one. Any suggestions would be welcome.
     
  7. jhorsman, Apr 10, 2015
    Last edited: Apr 10, 2015

    jhorsman macrumors newbie

    Joined:
    Mar 9, 2015
    #7
    Looking around is telling me mainly that it is a bug that allows Admin privileges to Admin Enabled accounts without typing their passwords. So it creates an attack vector to escalate privileges. So got a couple of ways to work around it.

    1. Create a Secondary admin account and strip your day to day account of Admin rights and 2. Also let Apple know your concern.

    2. Watch what you are doing with no action on your part. (Not acceptable to me, but the risk is up to you. It is your Data/Machine.) For the bug to even be a threat, someone has to gain access to your machine. This can be Malware, remote management, etc. Due diligence comes into play for this one.

    3. Upgrade to 10.10.3

    4. Wait to see if Apple does address it for 10.9, 10.8, etc. It is ZDNet and nothing official has really come out.

    Each option has its Pros and Cons. The decision is up to you and how you feel about your Operating System's security. <Removed due to further research, I cannot stand by my own statement now due to severity of the issue from the author of the exploit.>
     
  8. ricede macrumors regular

    ricede

    Joined:
    Aug 16, 2010
    Location:
    Inside
    #8
    Sounds the way to go. Thanks
     
  9. jhorsman macrumors newbie

    Joined:
    Mar 9, 2015
    #9
    Well, this isn't good. Did further research on the exploit itself from the author of the exploit. So my recommendation is now due diligence and separate the roles. And complain to Apple.

    https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/

    What bothers me is...

    "But I actually found a way to make it work for all users later, which means that the exploit is no longer limited to admin accounts only. It is as simple as sending nil to authenticateUsingAuthorizationSync instead of using the result of [SFAuthorization authorization]:"
     
  10. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #10
    This would not solve the issue since it's a privilege escalation vulnerability. The ability to get admin privileges from a non-admin account is the crux of the problem.
    That Apple has opted to not patch this in 10.8.5 and 10.9.5 yet still provide the illusion that they're maintaining security patches for those versions of OS X is egregious.
     
  11. jhorsman macrumors newbie

    Joined:
    Mar 9, 2015
    #11
    I agree with you 100 percent. The only true answer at this time is to go to 10.10.3. Reason why I kept it in and not removed it, as an end user we can only do two things in this scenario and not go to 10.10.3. Be aware and mitigate with defense in depth. Enough awareness will perhaps force Apple to fix it. Mitigation is stop-gap at best. Remember, it is local privilege escalation. Got to get the payload on the machine first. As I said before, everything has its Pros and its Cons and it is up to you to decide acceptable risk.
     
  12. Raima macrumors 6502

    Joined:
    Jan 21, 2010
    #12
    I would suggest for people to contact the major Apple tech journalists to bring their attention to it. With enough media awareness, it would be in Apple's best interest to roll the update to the other affected OS X systems.

    I contacted Hannah from smh.com.au in Australia. Do your part people!
     
  13. rockosmodurnlif macrumors 65816

    rockosmodurnlif

    Joined:
    Apr 21, 2007
    Location:
    New York, NY
    #13
    If true, this should be a front page story.
     
  14. mtasquared macrumors regular

    mtasquared

    Joined:
    May 3, 2012
    #15
    I complained to Apple!

    Well I consider Yosemite to be beta software because the updates are beta. Some people who stay with established OSX versions because they need stability/security to be paramount are being cast aside by Apple. I wrote a complaint to Apple through their customer support channel but they also gave me their website for complaints: http://www.apple.com/feedback/. I hope someone listens.
     
  15. Traverse thread starter macrumors 603

    Traverse

    Joined:
    Mar 11, 2013
    Location:
    Here
    #16

    I reported to them as a tip.
     
  16. ricede macrumors regular

    ricede

    Joined:
    Aug 16, 2010
    Location:
    Inside
    #17
    Sent to Tim Cook email address today

    Dear Mr Cook,

    I have read that Apple are not going to support this latest Security Flaw in Mavericks / Mountain Lion / Lion. In the 18 years that I have been a loyal supporter of Apple, I have always understood that Apple rigorously supported their previous OS's.

    Some of us are not happy with Yosemite and do not wish to upgrade. Are we to understand that we must leave our systems open to attack, because it is too much work to support a large part of your user base?

    If we can no longer rely on you to do the right thing, then I think that this is really sad. It is a telling state of affairs of where Apple are heading, when the pursuit of money overrides common sense & decency.

    Yours very sincerely
     
  17. Eithanius macrumors 65816

    Joined:
    Nov 19, 2005
    #18
    Please send it to tcook@apple.com...
     
  18. ricede macrumors regular

    ricede

    Joined:
    Aug 16, 2010
    Location:
    Inside
    #19
    As I said in the title - Sent to Tim Cook email address today
     
  19. Roadstar macrumors 6502a

    Roadstar

    Joined:
    Sep 24, 2006
    Location:
    Vantaa, Finland
    #20
    Me too. I'm actually happy (as far as it's applicable to something like this) about the timing since I'm just about to upgrade storage on my mid-2011 dual hard drive Mac mini. I'm going from 128GB SSD + 500GB HDD to 500GB SSD + 1TB HDD, and my initial plan was to allocate some of the space to Boot Camp (which I'm going to virtualize with VMware Fusion for improved access). I was thinking about something like a 75/25 split between OS X and Windows, but now I think I'll be going for 50/50 to have more options if Apple has indeed adopted the "we'll patch only the current OS version" approach in OS X as well.
     
  20. mtasquared macrumors regular

    mtasquared

    Joined:
    May 3, 2012
    #21
    Alright, I have a battle plan since I intend to keep using Mountain Lion. I added a standard account to switch into when surfing. I put Gatekeeper on its most restrictive setting. In general I have hardened the OS in accordance with most recommendations. One thing I will not do is enable FileVault, because I want my files to be visible to Boot Camp and to my family in case of personal disaster, but FileVault is a mitigation, according to Lars (the bug discoverer).
     
  21. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #22
    I know, Valentine's day is long gone but this Apple episode inspires me to share those three little words that mean so much. Shoddy irresponsible ********.

    Within the conclusion to How to fix rootpipe in Mavericks and call Apple's ******** bluff about rootpipe fixes | Reverse Engineering Mac OS X (2015-04-13):

    Last but not least:

     
  22. grahamperrin, Jul 1, 2015
    Last edited: Jul 1, 2015

    grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #23
    Vulnerabilities in Mac OS X Lion, OS X Mountain Lion and Mavericks

    If "The fixes are there" meant that parts of Yosemite El Capitan can be used to patch vulnerabilities in Lion, Mountain Lion or Mavericks: I look forward to technical advice. Ideally with reference to CVE-2015-1130.


    Understanding

    @Tubamajuba please, why did you quote my post but not read the first linked topic within that quote? If you had done so, you could have understood why my plans include neither Microsoft Windows nor an older operating system.

     
