Slashdot Mirror


OS X Bug Exploited To Infect Macs Without Need For Password

An anonymous reader writes: A new flaw has been discovered in the latest version of OS X which allows hackers to install malware and adware onto a Mac without the need for any system passwords, researchers say. The serious zero-day vulnerability was first identified last week and results from a modified error-logging feature in OS X Yosemite which hackers are able to exploit to create files with root privileges. The flaw is currently found in the 'fully patched' OS X 10.10.4, but is not in the newest 10.11 El Capitan beta – suggesting that Apple developers were aware of the issue and are testing a fix.

5 of 127 comments

  1. Also fixed in 10.10.5 by Anonymous Coward · · Score: 4, Informative

    It's also already fixed in the latest 10.10.5 beta.

    1. Re: Also fixed in 10.10.5 by perpenso · · Score: 5, Informative

      I just installed Win10 via upgrade and rather easily turned off almost all the reporting features within minutes from the control panel.

      You could have turned off the reporting from the installer by selecting the custom configuration option.

  2. Better link by phantomfive · · Score: 5, Informative

    Here is a better link with more technical details.

    It's a privilege escalation exploit, so an attacker would already need shell access on your computer to get something done. Every OS has privilege escalation vulnerabilities, because it's much harder to close all the holes when you allow someone to execute arbitrary code on a system.

    That said, this is a particularly braindead bug from Apple, and it is worrisome because it shows they aren't thinking about security, or don't have proper processes in place to ensure the system stays secure. Their programmers should have known better than to create that kind of environment variable so lightly.

    --
    "First they came for the slanderers and I said nothing."
    1. Re:Better link by Dutch+Gun · · Score: 4, Informative

      Ugh, don't give this asshole more traffic. I think there's a reason few people are linking to his blog directly. He released the details of this bug without even attempting to contact Apple. When asked why he didn't do so, he replied "Why should I?" Later he states that "Responsible disclosure is simply a way of redirecting blame for a vulnerability from the vendor to the reporter." Right on his blog he's advertising his own presentations. Essentially, he's making news about this at the expense of user safety in order to promote himself and his services.

      A real piece of work.

      --
      Irony: Agile development has too much inertia to be abandoned now.
  3. Privilege escalation exploit change looks like this by CraigCruden · · Score: 4, Informative

    If you run "sudo cat /etc/sudoers" it will print out the file in question. The section normally looks like:

    # User privilege specification
    root ALL=(ALL) ALL
    %admin ALL=(ALL) ALL


    If it has been changed to include a new user or make changes at the end of any of the lines to add "NOPASSWD:ALL" then you have been affected:

    e.g.
    username ALL=(ALL) NOPASSWD:ALL
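
The check described in the comment above, written out as a script. This is an added example, not part of the original thread: the function name `audit_sudoers` and the output tags are made up here, and the baseline is only the two stock entries quoted in the comment (`root` and `%admin`), so any other entry is listed for review rather than declared malicious.

```shell
#!/bin/sh
# Added example (not from the thread). Lists sudoers entries that carry
# NOPASSWD or that grant rights to anyone other than root / %admin.
# Usage: audit_sudoers FILE   where FILE is a copy of /etc/sudoers
# Exit status: 0 = nothing to review, 1 = at least one entry flagged.
audit_sudoers() {
    awk '
    # Join backslash-continued lines so a split entry is judged as a whole.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { $0 = buf $0; buf = "" }
    # Included files are policy too: report them (informational only) so
    # they get the same review. These look like comments but are not.
    /^[ \t]*[#@]include/ { print "INCLUDE: " $0; next }
    { sub(/#.*/, "") }                       # drop real comments
    # Skip blank lines, Defaults settings and alias definitions.
    NF == 0 || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
    {
        if ($0 ~ /NOPASSWD/) {
            print "NOPASSWD: " $0; bad = 1   # password prompt disabled
        } else if ($1 != "root" && $1 != "%admin") {
            print "EXTRA: " $0; bad = 1      # entry beyond the stock two
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the stock section plus the altered line from the comment.
sample=$(mktemp)
printf '%s\n' '# User privilege specification' 'root ALL=(ALL) ALL' \
    '%admin ALL=(ALL) ALL' 'username ALL=(ALL) NOPASSWD:ALL' > "$sample"
audit_sudoers "$sample" || echo "review the entries listed above"
rm -f "$sample"
```

On a real machine, feed it a copy of the file, for example `sudo cat /etc/sudoers > /tmp/sudoers.copy`, and review any files named on `INCLUDE:` lines the same way.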