Discussion in 'Article Discussion' started by Gareth Halfacree, 23 Jul 2015.
Fixed in 10.11 Beta.
I am regretting making the switch to mac more and more.
Can anyone who has a slightly better grasp over Kernel Extensions than me confirm that the provided code is behaving as expected and not an exploit in and of itself?
Side note, this exploit requires access to a terminal on you computer. Disable your guest account. This is probably the easiest entry point. If you work in a public environment, it would take 1-2 minutes to log in to the guest, open a terminal and run a damning script.
doubleedit (last one I promise):
crontab is blocked on guest accounts, so the basic "this_system_is_vulnerable" check won't work. But just to be safe...
Millions of Mac fanboys around the world will be sitting smugly ignoring any vulnerabilities because, as they all know, "Macs never get viruses"...
Baguette, doesn't the "this_system_is_vulnerable" check actually work - even on the guest account - because the DYLD_PRINT_TO_FILE system runs as root? From Gareth's article:
So the vulnerability allows code to effectively grant itself (or other code) escalated privileges.... which means that it's only a vulnerability if you download and run code that's been maliciously written, or allow someone malicious access to your Mac.
Both of these are high risk with or without this vulnerability. It's much easier for malicious software to ask for the admin password and grant itself root access. Installing dodgy software is dodgy no matter how it's dodgy. Letting dodgy folks access to your computer isn't wise even if you grant them guest access.
It still needs fixing for sure, but I'm still happy that the 'average Mac' is safer than the 'average PC' and even if all things are equal the update process on OS X is smoother than a PC.
This isn't a Mac fangirl speaking, just someone who appreciates the pros and cons of different systems and feels that the advantages of OS X as a daily driver computer outweigh the negatives.
Just wish they'd produce a more modular desktop box but accept that's never going to happen
No, as the trick requires access to crontab, which regular user accounts have, but guest account does not, or at least not on mine. The command just fails instead of creating the file.
If this were not the case this would be an unbelievably serious issue, as Macs come with the Guest account by default if I remember (or at least a lot of people turn it on). As it stands I was unable to replicate the exploits from the guest account. If someone had access to my account, then lol what am I going to do anyway. My dev environment has all my git credentials automatically set and passwords all over the place. So I'd be screwed.
As Guinevere points out this is only serious if someone has direct access, or remote through ssh (which should be disabled on personal computers!). As it stands, I don't feel like installing the "fix", because I don't have the slightest grasp on the flags he's switching on and off.
I'll just cower in a dark corner until El Capitan comes along...
Mac OS X like any Unix like OS is complex, so theres always going to be vulnerabilities and bugs. Though overall it is more stable in that regard than Windows, but with the rise in popularity of Macs/iPhones etc more effort to exploit is to be expected really.
No OS is perfect, so theres no excuse for not being careful with what you do, etc.
Separate names with a comma.