ALERT—A Mac Bug Is Cause For Concern


August 30, 2013

MAC Security BugA bug in the Mac OS X was uncovered five months ago and is now of renewed concern. It gives hackers almost unlimited access to files when they alter clock and user timestamp settings.

All versions of OS X from 10.7 through 10.8.4 are at risk of being hacked.

Ars Technica reports that this bug is now a real concern because of a new testing module in Metasploit, which can make it easier for hackers to exploit Mac OS X vulnerabilities. Metasploit is an open-source framework that makes it easier for security researchers to penetrate and test networks. Although it’s a useful tool for locating and correcting flaws, it can also be used by cybercriminals to exploit a Unix component called sudo.

Sudo requires a password before “Superuser” privileges are granted.  The flaw is in the authentication process where the clock in the Mac OS X can be set back to Jan 1, 1970, (the beginning of time for the machine) and alter the sudo-user timestamp settings. As a result hackers can obtain root access without using a password.

A post on the Common Vulnerabilities and Exposure (CVE) page explains further:

“sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.”

The good news is that for hackers to exploit this flaw, they must have administrator privileges, and have previously run the sudo.  They also need physical or remote access to the device.

According to HD Moore, the Founder of Metaspoit:

“The bug is significant because it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit.”

We're Integris. We're always working to empower people through technology.

Keep reading

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

As a business owner, it's important to make the most of your resources. This includes finding cost-effective solutions for managing and maintaining your company's technology. Keeping a competitive edge in your industry requires secure, modern tech that allows your...

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

If you’re wondering where to find top IT services in Minneapolis, it’s important to identify providers that offer a wide range of support, have great service and provide solid tech expertise. Comprehensive technology insight is especially important when it comes to IT...

Webinar: Email Security that Doesn’t Suck…

Webinar: Email Security that Doesn’t Suck…

Trustifi and Security 7 present Email Security That Doesn’t Suck.  In today’s age of over-complicated security tools, it is extremely difficult to manage the fine balance between security and productivity.   {% video_player "embed_player" overrideable=False,...