Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hack Mac OS X With Installer Packages

Posted by ryuzaki0 on from the why-not-to-run-as-admin dept.

nezmar writes, "MacGeekery has a short but insightful piece with examples on how to use a malformed Installer package (.pkg) on Mac OS X to 'insert user accounts with administrator rights and change root-owned system configuration or binary files without prompting the vast majority of Mac OS X users for a password of any kind.'" The article notes that this issue was brought up on the Apple Discussion Boards 6 weeks back and that it was noted there as a duplicate / known issue. It also gives as an example the installation of Parallels, the popular virtualization software, which uses the described technique, but not for nefarious purposes.

4 of 194 comments (clear)

  1. Thank You! by nuckin+futs · · Score: 2, Funny

    from TFA:
    Read my previous guide to securing Mac OS X and do not run as an admin user for daily activities.
    Moreover, if you must run as the administrator, do not install packages from non-reputable sources without cracking open the package

    Well, thank you, Captain Obvious!

  2. Re:Let me get this straight ... by spir0 · · Score: 2, Funny

    3. People will double-click anything.

    As an addendum to this I'd like to add that most users will double click on anything, and when nothing happens, they will continue to double click until something either does happen or their mouse finger falls off, or their computer dies. Whichever happens first.

    --
    The reason girls and Windows users don't understand UNIX is because all the documentation is in Man files.
  3. Re:Well... by Anonymous Coward · · Score: 3, Funny
    A reputable company would not risk the lawsuits with distributing known hacked packages.
    What about the Sony roo... nevermind, missed the "reputable" part.
  4. Whew! by cciRRus · · Score: 4, Funny

    Good thing I'm using Windows.

    --
    w00t