This message is a bit misleading, since we are actually running this as an admin user. You need administrator access to run this tool. They changed so that systemsetup requires root, even to display the help text! When systemsetup is run without root access, the following message is displayed (in 10.8.5 or later): $ systemsetup It turned out that, apart from patching sudo, Apple also changed another thing. We were both curious to find out the details of the fix. I talked to my colleague and software developer Philip Åkesson, about the fact that this exploit code uses systemsetup (command line utility) to modify the system time. The exploit code is very simple: $ sudo -k systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00 sudo su It felt boring that the vulnerability was more than a year old.
The first exploit I used was based on CVE-2013-1775, a sudo authentication bypass bug that was patched in version 10.8.5 (Sept 2013). I wanted to highlight that all software (yeah, even from Apple) contains vulnerabilities, and many are still to be discovered. Operating systems are built out of software, developers create this software, developers make mistakes, and mistakes can introduce security vulnerabilities. I wanted to show that OS X could be hacked just as easily as iOS or Android. This time it was a security conference for developers, and many of them use Apple OS X as their primary operating system. I’ve done many proof-of-concept hacks on iOS and Android before, to highlight what malicious code can achieve with vulnerable devices. I wanted to have something new to demo at a Security Conference for Developers in November 2014. TrueSec specialists speak at IT conferences worldwide. Why I started searching for vulnerabilities in OS X
#CHANGE ADMIN NAME OS X YOSEMITE UPGRADE#
We recommend that all users upgrade to 10.10.3.
#CHANGE ADMIN NAME OS X YOSEMITE PATCH#
OS X 10.9.x and older remain vulnerable, since Apple decided not to patch these versions. The intention was probably to serve the “System Preferences” app and systemsetup (command-line tool), but any user process can use the same functionality.Īpple has now released OS X 10.10.3 where the issue is resolved. It’s been there for several years (at least since 2011), I found it in October 2014 and it can be exploited to escalate privileges to root from any user account in the system. The Admin framework in Apple OS X contains a hidden backdoor API to root privileges.
0 kommentar(er)
