Summary: A five-month-old flaw allows hackers to bypass authentication protocols by altering clock and user timestamp settings.
An unaddressed five-month-old flaw in Apple's Mac OS X gives hackers
near unlimited access to files by altering clock and user timestamp
settings.
As reported by Ars Technica,
a bug discovered five months ago has received renewed interest due to
the creation of a new module in testing software Metasploit, which can
make life easier for hackers looking to exploit the Mac vulnerability.
The bug revolves around a Unix component called sudo.
The program is designed to require a password before "super user"
privileges are granted to an account -- giving access to other user
files -- and the flaw works around this authentication process by
setting a Mac's clock back to Jan 1, 1970, the Unix epoch, the reference
point from which Unix time is counted. By setting the clock back to 1-1-1970, the
beginning of time for the machine -- as well as altering the sudo user
timestamp -- it is possible for hackers to gain root access without the
need for a password.
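The check a defender can derive from this description, as an added example that is not part of the original article and is not sudo's or Apple's code: a simplified model of an age-only ticket check next to one that refuses epoch-stamped tickets, plus a scan for epoch-stamped files in a sudo timestamp directory. The function names, the 5-minute timeout, the one-day epoch window and the directory path (passed in by the caller) are assumptions.

```python
import os

EPOCH_WINDOW = 24 * 3600  # assumed: within a day of 1970-01-01 counts as "epoch"
TIMEOUT = 5 * 60          # assumed ticket lifetime in seconds

def naive_ticket_valid(ticket_mtime, now, timeout=TIMEOUT):
    """Simplified model of an age-only check: any recent-looking ticket passes.
    With the clock and the ticket both at the epoch, the age is a few seconds."""
    return 0 <= now - ticket_mtime <= timeout

def hardened_ticket_valid(ticket_mtime, now, timeout=TIMEOUT):
    """Same age check, but a ticket stamped at the epoch is never accepted."""
    if abs(ticket_mtime) <= EPOCH_WINDOW:
        return False
    return 0 <= now - ticket_mtime <= timeout

def clock_looks_reset(now):
    """True when the system clock itself sits at the Unix epoch."""
    return abs(now) <= EPOCH_WINDOW

def find_epoch_tickets(ts_dir):
    """Return sorted paths under ts_dir whose mtime sits at the Unix epoch.
    ts_dir is the sudo timestamp directory of the host being checked."""
    hits = []
    for root, dirs, files in os.walk(ts_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            if abs(os.lstat(path).st_mtime) <= EPOCH_WINDOW:
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    import sys
    import time
    print("clock at epoch:", clock_looks_reset(time.time()))
    for p in (find_epoch_tickets(sys.argv[1]) if len(sys.argv) > 1 else []):
        print("epoch-stamped ticket:", p)
```

Reading the timestamp directory normally requires root, so run the scan from an account that has it.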
Metasploit is an open-source
framework that makes it easier for security researchers to penetrate and
test networks. Although useful for researchers to pinpoint and correct
security flaws, this can also be used to make exploiting the sudo
vulnerability easier.
All versions of OS X from 10.7 through to the current 10.8.4 version remain vulnerable.
However, the vulnerability (CVE-2013-1775)
does have limitations. In order for hackers to exploit this security
flaw, they must already have administrator privileges, and the user
must have run sudo at least once previously. In addition, the hacker
needs to have either physical or remote access to the machine in
question.
"The bug is significant because it allows any user-level compromise to
become root, which in turn exposes things like clear-text passwords from
Keychain and makes it possible for the intruder to install a permanent
rootkit," HD Moore, the founder of Metasploit, told the publication. "I
believe Apple should take this more seriously but am not surprised with
the slow response given their history of responding to vulnerabilities
in the open source tools they package."
~ Charlie Osborne