A bug in the Mac OS X was uncovered five months ago and is now of renewed concern. It gives hackers almost unlimited access to files when they alter clock and user timestamp settings.
Ars Technica reports that this bug is now a real concern because of a new testing module in Metasploit, which can make it easier for hackers to exploit Mac OS X vulnerabilities. Metasploit is an open-source framework that makes it easier for security researchers to penetrate and test networks. Although it’s a useful tool for locating and correcting flaws, it can also be used by cybercriminals to exploit a Unix component called sudo.
Sudo requires a password before “Superuser” privileges are granted. The flaw is in the authentication process where the clock in the Mac OS X can be set back to Jan 1, 1970, (the beginning of time for the machine) and alter the sudo-user timestamp settings. As a result hackers can obtain root access without using a password.
A post on the Common Vulnerabilities and Exposure (CVE) page explains further:
“sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.”
The good news is that for hackers to exploit this flaw, they must have administrator privileges, and have previously run the sudo. They also need physical or remote access to the device.
According to HD Moore, the Founder of Metaspoit:
“The bug is significant because it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit.”