`Dump to text file if you find easier.
Operating System: Max OS X Version Affected: up to 10.1
Security Risk: High
Mac OS X over the past few months have started to splout security
concerns, this being one of the first most publicized attacks on the
operating system. Once logged into Mac OS X, any user can obtain a root
shell by executing a few simple applications in specific order.
Mac OS X is already on computers in every sort of nature, even after the
administrator sets up multiple accounts with specific privledges keeping
the user from hacking a root prompt is not that simple.
Take a look at the vulnerability, afterwards we will describe how this
1. Open up the Terminal.app
2. Quit it.
3. Open up NetInfo Manager (leave it in the foreground)
4. Open up Terminal.app from the *RECENT ITEMS* list in the Apple Menu.
You will now see a terminal logged in as root shown with the # prompt,
this is because the application NetInfo Manager has root privledges and
told to be executed by the user with the systems allowance. There is a
misinterpritation of which user is logged in because a root privledged
program is running, thus by opening the Terminal.app from the recent items
you are brought to a root prompt.
Picture this: You walk through security with a secret agent, the officer
does a ID check to see if the agent have high enough status to carry a
weapon, he lets you and the agent in with the understanding that only the
agent can carry or use the weapon. Once you are in you take the weapon
from the agent, you do this because the person associated with you have
the rights, suddenly you have more power. You shouldn't because the access
was given to the one agent.
Apple should and will with the next update disable the security risk of
gaining root privledges from other programs. Bookmark this page to see
updates and user responces.
FIX! Apple has released a fix for this security issue, to fix the vulnerability simply launch Apple's Software
Update utility and start the download or download the fixes file here . Once download is complete and
update is finished you must restart for changes to take effect. This wil fix the security issue discussed within
It is said that this apparently is the case with all setuid root applications... Not good.... Submitted by Eric.C
You can temporarily patch this problem by going into a command shell and change the permissions of the
Setuid applications so that only root account and admin group have privileges to execute the program. Do
this by using the sudo command and chmod 770 setuid.app. This takes away all privileges to any user that
isn't root or admin. - will@pnl
Another user suggests keeping the password protected screensaver activated when away from the
computer, this will help to stop users from accessing the computer yet fails to stop users with accounts from
obtaining root privileges.