SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
24 Jul 2015

Privilege escalation vulnerability found in OS X

Security researcher Stefan Esser published the details of a vulnerability in OS X a couple weeks ago that allows an attacker to gain root privileges.

This week, Esser’s findings are back in the spotlight, due to some controversy regarding how this was done. Most people, though, are probably more interested in what the vulnerability is and how it might affect them.

The problem, in essence, is a root privilege escalation bug. Every Unix system, and OS X is no exception, has many hidden users defined by the system, besides the one or more that the average person is aware of (ie, the ones that show up on the OS X login screen). The root user is the highest of these, the one and only user that has access to everything. For this reason, access to the root user is tightly controlled. An attacker with root privileges can literally do anything to your system.

Although there are ways to gain root privileges on your Mac, they should require you to provide an admin user password, which is something an attacker hopefully won’t have. This is the issue with root privilege escalation bugs. They provide an attacker with a way to achieve root privileges without needing to know your password or anything else.

This is definitely a problem, but fortunately, it’s a smaller problem than it sounds like. First, because exploiting it requires an attacker to have some kind of access to your computer to begin with, either through some kind of physical or remote access, or through finding a way to get malware installed on your computer.

Assuming a hacker could gain that kind of access, though, this privilege escalation really doesn’t do much beyond possibly make malicious changes to your system harder to find. Malware can infect your system perfectly well, and do all the things it needs to do, without ever gaining root privileges.

The bigger problem in this story is the fact that this vulnerability, along with all the necessary information to exploit it, was disclosed by Esser without any effort to alert Apple to the problem. (In his blog post revealing the vulnerability, Esser says “At the moment it is unclear if Apple knows about this security problem or not.”)

Vulnerabilities get disclosed all the time. The problem is, researchers typically will try to abide by the ideal of responsible disclosure; ie, reporting the issue to the vendor whose product is affected, and giving them some time to fix it before going public. By not doing this, Esser has created a situation where many hackers have now become aware of a bug they weren’t previously aware of, and have full knowledge of how to exploit it.

(It could be argued that some hackers may have already known about it. However, it’s certain that most hackers did not, and now they do.) Of course, all responsibility for this issue doesn’t fall on Esser’s shoulders alone. After all, Apple wrote the code.

Further, according to information that has come out since Esser’s article was posted, they were informed about it some time ago by a South Korean researcher going by the Twitter handle “beist” (who did not seem pleased at the public release of this information). Apple needs to get a fix for this bug in place quickly at this point!

The question on most readers’ minds at this point is probably how to defend against this. Fortunately, the bug only exists in Yosemite (OS X 10.10), while previous versions of OS X and betas of El Capitan (OS X 10.11) are unaffected. For those using Yosemite, however, there’s no easy answer. Short of using software developed by Esser to protect against the bug he disclosed (trust issues, anyone?), the best way to protect yourself is to practice safe computing.

Don’t let someone you don’t know have physical or remote access to your computer, and be very careful about what you download and open. If untrusted people may have physical access to your computer, turn on FileVault in the Security & Privacy pane of System Preferences, to encrypt your hard drive and prevent anyone with physical access from being able to tamper with your system while you’re not watching.

Tags:
information leaks OS X
Source:
Malwarebytes Unpacked
2040
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015