Apple Mac flaw gives hackers 'super status,' root access

Summary:A five-month old flaw allows hackers to bypass authentication protocols by altering clock and user timestamp settings.

credit-splashdata-v1
Credit: Splashdata

An unaddressed five-month-old flaw in Apple's Mac OS X gives hackers near unlimited access to files by altering clock and user timestamp settings.

As reported by Ars Technica, a bug discovered five months ago has received renewed interest due to the creation of a new module in testing software Metasploit, which can life easier for hackers looking to exploit the Mac vulnerability.

The bug revolves around a Unix component called sudo. The program is designed to require a password before "super user" privileges are granted to an account -- giving access to other user files -- and the flaw works around this authentication process by setting a Mac's clock back to Jan 1, 1970, the Unix epoch, a way to describe instances in time. By setting the clock back to 1-1-1970, the beginning of time for the machine -- as well as altering the sudo user timestamp -- it is possible for hackers to gain root access without the need for a password.

Metasploit is an open-source framework that makes it easier for security researchers to penetrate and test networks. Although useful for researchers to pinpoint and correct security flaws, this can also be used to make exploiting the sudo vulnerability easier.

All versions of OS X from 10.7 through to the current 10.8.4 version remain vulnerable.

However, the vulnerability -- (CVE-2013-1775) -- does have limitations. In order for hackers to exploit this security flaw, they must already have administrator privileges, and the user must have ran sudo at least once previously. In addition, the hacker needs to have either physical or remote access to the machine in question.

"The bug is significant because it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit," HD Moore, the founder of Metasploit, told the publication. "I believe Apple should take this more seriously but am not surprised with the slow response given their history of responding to vulnerabilities in the open source tools they package."

Topics: Security, Apple, iOS

About

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charli... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.