Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hack Mac OS X With Installer Packages

Posted by ryuzaki0 on from the why-not-to-run-as-admin dept.

nezmar writes, "MacGeekery has a short but insightful piece with examples on how to use a malformed Installer package (.pkg) on Mac OS X to 'insert user accounts with administrator rights and change root-owned system configuration or binary files without prompting the vast majority of Mac OS X users for a password of any kind.'" The article notes that this issue was brought up on the Apple Discussion Boards 6 weeks back and that it was noted there as a duplicate / known issue. It also gives as an example the installation of Parallels, the popular virtualization software, which uses the described technique, but not for nefarious purposes.

3 of 194 comments (clear)

  1. Re:Let me get this straight ... by Nutria · · Score: -1, Troll
    How the heck is this modded flamebait? Are most OS/X users as security-stupid as Windows users?

    --
    "I don't know, therefore Aliens" Wafflebox1
  2. Re:Well... by Anonymous Coward · · Score: -1, Troll

    So basically what's being said here is "a user should know better".

    Funny, that's what Windows Power Users have been saying for a long, long time, and Mac users laughed.

    So, as more Macs do get hacked, and more ways to hack them come forward, I'll sit back and laugh. Perhaps call all Mac users stupid for using Macs since this stuff is possible.

    Karma. :)

  3. Re:So, in summation by Anonymous Coward · · Score: -1, Troll
    So how is it not having any games to play? (And no, iTunes is not a game.)
    Oh no, I don't have many games to play! DEAR GOD, WHAT WILL I DO? I might actually have to do something worthwhile! THE HORROR!

    When you grow up, you'll realize that most adults don't play "video games", and yet somehow they seem to get by. Have you ever considered that a lot of people simply don't like wasting time playing video games? Or that they *shudder* just don't enjoy them?