A Tweet-Sized Exploit Can Get Root On OS X 10.10
vivaoporto writes: The Register reports a root-level privilege-escalation exploit that allows one to gain administrator-level privileges on an OS X Yosemite Mac using code so small that it fits in a tweet.
The security bug, documented by iOS and OS X guru Stefan Esser, which can be exploited by malware and attackers to gain total control of the computer.
This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5, but is already fixed in the preview beta of El Capitan (OS X 10.11).
Speaking of exploits:
Reader trailrunner 7 notes that "HP’s Zero Day Initiative has released four new zero days in Internet Explorer that can lead to remote code execution."
Fact[0]: The code for this exploit could fit within a tweet (which is to say: 140 characters.)
Fact[1]: Despite referring to tweets and Twitter, this exploit can't occur via Twitter. The attacker already has to have local access.
A lot of security exploits could fit within a tweet, but I've never seen that comparison before. It misleads people into thinking that you can pwn a Mac via Twitter.
Already fixed in the (preview) next OSX version - is that by luck or design?
Makes me wonder how many known vulnerabilities Microsoft / Apple / Google have on their buglist that will only be fixed when they become publicly known.
Just tested this on my Mac in OS X -- grants root level access immediately.
The bug is stupid. No doubt about that. But it's not quite as stupid as you think.
The bug is not actually in the setuid application, but it is in the system wide dynamic loader that is needed to execute the setuid application.
So, a naive programmer could be excused for thinking that they don't need to worry about security, as it is not immediately obvious that the code executes with elevated privileges.
Of course a more seasoned developer should have noticed. It's not that difficult to spot, especially as dynamic loaders are known to have had security bugs before. I think even Linux was affected at one time.
I could not imagine a metrosexual urban hipster at burning man. lol. my favorite part about the event is that there are actual signs that say "no shirtcocking". it's ok to be clothed, it's ok to be naked, but to wear a shirt and no bottoms is creepy.