Apple Yosemite operating system local to mention the right to: EXP length of not more than a Twitter-bug warning-the black bar safety net

2015-07-25T00:00:00
ID MYHACK58:62201565069
Type myhack58
Reporter 佚名
Modified 2015-07-25T00:00:00

Description

Apple's latestoperating systemYosemite was broke a local mention the right vulnerability, the vulnerability is by the German security researcher Stefan Esser discovered and has been in OS X 10.10-10.10.4 version of the test is successful. If you want to fix the vulnerability, please upgrade to the Yosemite beta. Super simple exp The use of this exp, you can easily bypass Apple's protection, and to get Mac OS X Yosemite Management Permissions, and everything needed is just the simple can be put on Twitter in the code. So far, Yosemite10. 1 0 is Mac all theoperating systemthe most stable a system, The amount of users not to be underestimated, so there will be a lot of users are affected by this vulnerability. iOS, OS X Senior Research expert Stefan Esser said that the security vulnerability may be malware and the attacker eventually controls the entire computer. The problem is caused by Yosemite called DYLD_PRINT_TO_FILE the environment variable to cause, at a specified file system called a dynamic linker of theoperating systemcomponent to record the error message. Once this environment variable is a permission of program abuse, the attacker can even modify the root super-user privileges under any of the documents. @Stefan Esser posted on Twitter a Reddit user Numint released a short exp of: ! The command is as follows: echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo-s Are using OS X 10.10-10.10.4 version of the partner can simply test it:) Brief explanation: The exp by the whoami command output the current username in the user name after add ALL=(ALL) NOPASSWD:ALL, and then by DYLD_PRINT_TO_FILE environment variable Output to a specific file/etc/sudoers the. Familiar with Unix friends all know, as long as the success of the current user added to the sudoers list, the current user can obtain root privileges. Next, use the newgrp command to log in to the new group, and finally with the sudo-s command is successful the user is not authorized to get to the root shell. As a result, you'll capable you like anything, modify the files, install malware, create new user, and so on. Safety recommendations This defect appears in Yosemite the latest version of OS X 10.10. 4 and Beta 1 0. 1 0. 5. You only have to upgrade to the Yosemite beta OS X 10.11, to from vulnerability. The fact proves once again, as long as you keep up with Apple in the footsteps of the timely update of the system, there will be a return. If can't timely update the system, you can install Esser of SUIDGuard to protect your Mac.