Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Tweet-Sized Exploit Can Get Root On OS X 10.10

Posted by timothy on from the special-circumstances dept.

vivaoporto writes: The Register reports a root-level privilege-escalation exploit that allows one to gain administrator-level privileges on an OS X Yosemite Mac using code so small that fits in a tweet. The security bug, documented by iOS and OS X guru Stefan Esserwhich, can be exploited by malware and attackers to gain total control of the computer. This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5 but is already fixed in the preview beta of El Capitan (OS X 10.11) Speaking of exploits: Reader trailrunner 7 notes that "HP’s Zero Day Initiative has released four new zero days in Internet Explorer that can lead to remote code execution."

4 of 130 comments (clear)

  1. Twit by Anonymous Coward · · Score: 2, Insightful

    As small as a tweet and still too big to fit in the summary.

  2. Re:Misleading and Hyperbolic Title/Comparison by fyngyrz · · Score: 3, Insightful

    Furthermore, local access pretty much is the end of the road anyway. Boot from the right CD with a custom filesystem that ignores HD filesystem permissions and yet allows you to set them any way you want, system is now wide open. Replace a few choice commands that you know are going to run, and bang, fully compromised. And that's just one of the many easy ways in to access as the system stands. You can also copy off the entire HD, or for that matter, erase it. Or both. You can compromise a command for a way in, copy an otherwise encrypted volume and walk off with it, break the encryption at your leisure, then use the previously installed compromise to get in and cause mayhem.

    If you don't have physical security and there is any kind of local threat of compromise, you could become toast at any time. These kinds of "threats" are insignificant in the larger scheme of things. If you need local security, the only sufficient mechanism is to physically deny access to the computer.

    --
    I've fallen off your lawn, and I can't get up.
  3. Re:Explains It by Galaga88 · · Score: 3, Insightful

    Is it a wireless keyboard? Could the um, batteries be going out? Or maybe Bluetooth interference?

    I'm just not sure I'd jump straight from malfunctioning keyboard to rooted, even if my firewall wasn't up. Is your router even forwarding any ports to your Mac?

  4. Sarcasm... by moosehooey · · Score: 3, Insightful

    No, you're the one that's stupid, because you failed to see that the OP was being sarcastic.