MAC Security BugA bug in the Mac OS X was uncovered five months ago and is now of renewed concern. It gives hackers almost unlimited access to files when they alter clock and user timestamp settings.

All versions of OS X from 10.7 through 10.8.4 are at risk of being hacked.

Ars Technica reports that this bug is now a real concern because of a new testing module in Metasploit, which can make it easier for hackers to exploit Mac OS X vulnerabilities. Metasploit is an open-source framework that makes it easier for security researchers to penetrate and test networks. Although it’s a useful tool for locating and correcting flaws, it can also be used by cybercriminals to exploit a Unix component called sudo.

Sudo requires a password before “Superuser” privileges are granted.  The flaw is in the authentication process where the clock in the Mac OS X can be set back to Jan 1, 1970, (the beginning of time for the machine) and alter the sudo-user timestamp settings. As a result hackers can obtain root access without using a password.

A post on the Common Vulnerabilities and Exposure (CVE) page explains further:

“sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.”

The good news is that for hackers to exploit this flaw, they must have administrator privileges, and have previously run the sudo.  They also need physical or remote access to the device.

According to HD Moore, the Founder of Metaspoit:

“The bug is significant because it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit.”

Ernie Sherman

I have a strong passion for helping Ottawa Businesses, Entrepreneurs and professionals to become more productive and successful while allowing them to feel at ease and secure when it comes to their Information Technology needs. As the President of Fuelled Networks since 1998, I specialize in providing no-nonsense flawless and prompt technical support to Ottawa businesses, with in-depth consulting on Fortinet, Microsoft, Microsoft Cloud Stack and security. I strive to help businesses to succeed and take great pride in building long-lasting positive relationships and taking on a strong leadership role within the Ottawa community.

Published On: 30th August 2013 by Ernie Sherman.